February 26, 2024

3 minutes read

Open-sourcing Handshake: OAuth made easy

A Next.js app that handles OAuth flows with 200+ APIs. Get you access tokens to your users' third-party accounts.

Felipe Aragão


Today, we're excited to announce Handshake.

Handshake is a new open-source project that helps developers obtain access tokens to popular APIs. It abstracts away the complexities of OAuth for over 200 apps while preserving the flexibility and observability that engineering teams expect.

How it works

Handshake is a Next.js app that you can set up and deploy to Vercel within minutes. Just clone our repo and modify the app/options.ts file to configure the OAuth providers you need.

// app/options.ts
import { Salesforce, HandshakeOptions } from "handshake"
const options: HandshakeOptions = {
	// ...
	handlers: [
			clientId: "YOUR_CLIENT_ID",
			clientSecret: "YOUR_CLIENT_SECRET",
			scopes: [...]
export default options

Then, we suggest you deploy your Handshake instance to a subdomain such as handshake.yourdomain.com. Finally, to request access tokens for an API (eg. Salesforce) from a user, redirect them to /auth/salesforce/redirect and Handshake will handle the rest.

Why we built this

Our goal at Fiber is to help developers build delightful integrations. To that end, we've been handling OAuth for some clients since our very first week as a company. As of today, we've taken thousands of end users through the process, and learned quite a bit on the way. Handshake is the product of that learning.

We didn't originally plan on offering something like Handshake. Personally, I didn't believe the pain was big enough to justify our attention. So we continued to handle OAuth for some clients as an bonus feature, without advertising it.

As time went on, however, we noticed a good amount of inbound interest in Fiber came from companies mainly interested in help with OAuth. Whenever we politely turned away these customers, we tried to point them towards good open-source solutions but couldn't find anything worth recommending. The projects we found usually fell into two categories: stale or bloated. The latter included projects that had moved beyond handling OAuth to incorporate lots of extra integration features. In the process, they lost flexibility and harmed developer experience.

Our plan for Handshake

Our north star for Handshake is this to keep it open and to keep it simple. The goal is to help developers get access to their users' third-party accounts. We won't try to pack unrelated features into it, or offer an enterprise version to make money. Fiber is how we make money, not Handshake.

That's it. We hope Handshake is useful to you. We're committed to keeping improving this project around for years to come.

Check our documentation at handshake.cool and take us for a spin on Github. We'll love to hear your thoughts.