Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Appreciation to Qntrl Support Team

  We are writing this topic to appreciate the outstanding level of support from Qntrl Team. We have been using Qntrl since 2022 after shifting from another similar platform. Since we joined Qntrl, the team has shown a high level of professionalism, support,

• How can I hide "My Requests" and "Marketplace" icon from the side menu

  Hello everybody, We recently started using the new Zoho CRM for Everyone. How can I hide "My Requests" and "Marketplace" from the side menu? We don't use these features at the moment, and I couldn't find a way to disable or remove them. Best regards,

• Whatsapp Integration on Zoho Campaign

  Team: Can the messages from Zoho Campaign delivered through Whatsapp... now customers no longer are active on email, but the entire campaign module is email based.... when will it be available on whatsapp.... are there any thirdparty providers who can

• Mandatory Field - but only at conversion

  Hello! We use Zoho CRM and there are times where the "Lead Created Date & Time" field isn't populated into a "Contractor" (Account is the default phrase i believe). Most of my lead tracking is based on reading the Lead Created field above, so it's important

• Different Task Layouts for Subtasks

  I was wondering how it would be possible for a subtask to have a different task layout to the parent task.

• Enable Free External Collaboration on Notecards in Zoho Notebook

  Hi Zoho Notebook Team, I would like to suggest a feature enhancement regarding external collaboration in Zoho Notebook. Currently, we can share notes with external users, and they are able to view the content without any issue. However, when these external

• Using data fields in Zoho Show presentations to extract key numbers from Zia insights based on a report created

  Is it possible to use data fields in Zoho Show presentations along with Zoho Analytics to extract key numbers from Zia insights based on a report created? For example, using this text below: (note that the numbers in bold would be from Zia Insights) Revenue

• Free webinar: AI-powered agreement management with Zoho Sign

  Hi there! Does preparing an agreement feel like more work than actually signing it? You're definitely not alone. Between drafting the document, managing revisions, securing internal approvals, and rereading clauses to make sure everything still reflects

• WhatsApp Channels in Zoho Campaigns

  Now that Meta has opened WhatsApp Channels globally, will you add it to Zoho Campaigns? It's another top channel for marketing communications as email and SMS. Thanks.

• CRM For Everyone - Bring Back Settings Tile View

  I've been using CRM for Everyone since it was in early access and I just can't stand the single list settings menu down the left-hand side. It takes so much longer to find the setting I need. Please give users the option to make the old sytle tile view

• Lets have Dynamics 365 integration with Zohobooks

  Lets have Dynamics 365 integration with Zohobooks

• Add notes in spreadsheet view

  It would be great if we could Add/edit notes in the spreadsheet view of contacts/leads. This would enable my sales teams to greatly increase their number of calls. Also viewing the most recent note in the Contact module would also be helpful.

• Opening balances - Accounts Receivable and Payable

  Our accounting year starts on 1st August 2013 and I have a Trial Balance as at that date, including Accounts Receivableand Accounts Payable balances, broken down by each customer and supplier. Q1 - do I show my opening balance date as 31st July 2013 or

• Announcing Kiosk 1.1 - Customize screen titles, configure new fields & actions, use values from your Kiosk to update fields, and more.

  Hello all We are back again with more enhancements to Kiosk. So what's new? Enhancements made to the Components Add titles for your Kiosk screens and adjust its width to suit your viewing preferences. Three new fields can be added to your screen: Percentage,

• Cancel Subscription

  Hi , Im want to cancel my account but without success please help me to do it

• Making an email campaign into a Template

  I used a Zoho Campaign Template to create an email. Now I want to use this email and make it a new template, but this seems to be not possible. Am I missing something?

• Direct Access and Better Search for Zoho Quartz Recordings

  Hi Zoho Team, We would like to request a few enhancements to improve how Zoho Quartz recordings are accessed and managed after being submitted to Zoho Support. Current Limitation: After submitting a Quartz recording, the related Zoho Support ticket displays

• Multiple Cover Letters

  We are using the staffing firm edition of Recruit and we have noticed that candidates cannot add more than one cover letter. This is a problem as they might be applying for multiple jobs on our career site and when we submit their application to a client,

• URGENT: Deluge issue with Arabic text Inbox

  Dear Deluge Support, We are facing an issue that started on 12/Feb/2026 with custom functions written using Deluge within Qntrl platform. Currently, custom functions do not accept Arabic content; it is replaced with (???) characters. Scenario 1: If we

• File Conversion from PDF to JPG/PNG

  Hi, I have a question did  anyone every tried using custom function to convert a PDF file to JPG/PNG format? Any possibility by using the custom function to achieve this within zoho apps.  I do know there are many third parties API provide this with

• Now in Zoho One: Orchestrate customer journeys across apps with Zoho CommandCenter

  Hello Zoho One Community! We’re excited to introduce Zoho CommandCenter as a new capability available in Zoho One. For the whole customer journey As Zoho One customers adopt more apps across sales, marketing, finance, and support, a common challenge emerges:

• annualy customer report

  we need a report per customer that looks like this invoic number cleaning laundry repair management 01 january xxx euro xx euro xx euro xxx euro 02 february xxx euro xxx euro x euro xxxx euro and so on the years 12 months is that possible to make and

• Totals for Sales Tax Report

  On the sales tax report, the column totals aren't shown for any column other than Total Tax. I can't think of a good reason that they shouldn't be included for the other columns, as well. It would help me with my returns, for sure. It seems ludicrous

• Free Webinar: Zoho Sign for Zoho Projects: Automate tasks and approvals with e-signatures

  Hi there! Handling multiple projects at once? Zoho Projects is your solution for automated and streamlined project management, and with the Zoho Sign extension, you can sign, send, and manage digital paperwork directly from your project workspace. Join

• Exported Report File Name

  Hi, We often export reports for information. It is time consuming to rename all the reports we export on a weekly basis, as when exported their default name is a seemingly random string of numbers. These numbers may be important, I'm not sure, but I am

• Automatic Refresh on Page?

  Hi everyone, We use a page as a dashboard which shows data for the laboratory and tasks pending etc. Is there a way to set the page to automatically refresh on a X time? Many thanks TOG

• How do I edit the Calendar Invite notifications for Interviews in Recruit?

  I'm setting up the Zoho Recruit Interview Calendar system but there's some notifications I don't have any control over. I've turned off all Workflows and Automations related to the Calendar Scheduling and it seems that it's the notification that is sent

• Add RTL and Hebrew Support for Candidate Portal (and Other Zoho Recruit Portals)

  Dear Zoho Recruit Team, I hope you're doing well. We would like to request the ability to set the Candidate Portal to be Right-to-Left (RTL) and in Hebrew, similar to the existing functionality for the Career Site. Currently, when we set the Career Site

• App for Mac OS X please!

  It would be awesome to have a mail app for Mac OS X that included all the cool features such as steams, calendar, tasks, contacts, etc. Most people prefer native apps, rather than running it through a web browser. I know that we can use the IMAP, CalDAV,

• CRM x WorkDrive: File storage for new CRM signups is now powered by WorkDrive

  Availability Editions: All DCs: All Release plan: Released for new signups in all DCs. It will be enabled for existing users in a phased manner in the upcoming months. Help documentation: Documents in Zoho CRM Manage folders in Documents tab Manage files

• Introducing Workqueue: your all-in-one view to manage daily work

  Hello all, We’re excited to introduce a major productivity boost to your CRM experience: Workqueue, a dynamic, all-in-one workspace that brings every important sales activity, approval, and follow-up right to your fingertips. What is Workqueue? Sales

• Default Reminder Time in New Tasks or New Event?

  Any way to change this from 1:00am? Thanks, Gary Moderation Update (February 2026): With the Calendar preferences, the default reminder time for Meetings, Appointments and All-Day Meetings can be set. Read more: Calendar preferences in Zoho CRM Regarding

• Dynamic Field Folders in OneDrive

  Hi, With the 2 options today we have either a Dynamic Parent Folder and lots of attachments all in that one folder with only the ability to set the file name (Which is also not incremented so if I upload 5 photos to one field they are all named the same

• Right Shift key not sending to Zoho Assist environments

  I'm unable to use Right Shift key in Zoho environments. Zoho environments are Win10. Computer I access from is Win 11. Issue started when I changed to Win 11. Have tried: - Multiple browsers - web client AND desktop client - 3rd party mapping tools to

• Unable to Filter Retail Sales Orders & Need Paid/Unpaid Filter – Zoho Books

  Hi Zoho Team, Recently you introduced Retail – Standard and Retail – Premium templates for Sales Orders. However, in the Sales Order module we still cannot filter or segregate Retail Sales Orders separately from normal B2B sales orders. Because of this,

• About Meetings (Events module)

  I was working on an automation to cancel appointments in zoho flow , and in our case, we're using the Meetings module (which is called Events in API terms). But while working with it, I'm wondering what information I can display in the image where the

• PDF Annotation is here - Mark Up PDFs Your Way!

  Reviewing PDFs just got a whole lot easier. You can now annotate PDFs directly in Zoho Notebook. Highlight important sections, add text, insert images, apply watermarks, and mark up documents in detail without leaving your notes. No app switching. No

• Ability to assign Invoice Ownership through Deluge in FSM

  Hi, As part of our process, when a service appointment is completed, we automated the creation of the invoice based on a specific business logic using Deluge. When we do that, the "Owner" of the invoice in Zoho FSM is defaulted to the SuperAdmin. This

• How do you do ticket add ons in Backstage?

  Hi Everyone, If you wanted to have general admin tickets and allow for add ons, like camping, or car or Carbon offset. What would you do? Peace Robin

• From Zoho CRM to Paper : Design & Print Data Directly using Canvas Print View

  Hello Everyone, We are excited to announce a new addition to your Canvas in Zoho CRM - Print View. Canvas print view helps you transform your custom CRM layouts into print-ready documents, so you can bring your digital data to the physical world with

• Next Page