Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Run a workflow after record merge

  Hello, We are wondering if there is a way to trigger a workflow after two records are merged? We have a sms service that use to text back and forth with Prospects and Contacts. To make it easy for our users, we automatically create them in this other

• Live webinar | The Evolution of Zoho Show: 2025 Feature Recap

  2025 has been a year of exciting updates and features for Zoho Show. From advanced design and formatting tools to smarter presentation delivery, enhanced collaboration, and AI-powered features—along with the launch of our desktop apps, Show has continued

• Batch Tracking custom function

  Hi fellow zoho users, We have our ecommerce site setup to shopify. I have some products I want to add batch tracking too, my only issue is that it breaks our shopify workflow (create sales order, invoice, payment, package) because it requires us to manually

• Include Suggested Articles in New Ticket Email

  When someone creates a new ticket, is there any way to include recommended knowledge base articles (like the ones Zia Suggests) in the email notification to the user? When they're waiting for a reply, it would be nice to have sent them some recommended

• Zoho Flow + QuickBooks Estimates – Line items not created from CRM subform

  Hi everyone, I’m trying to create QuickBooks Estimates from Zoho CRM Quotes using Zoho Flow. I’m aware that Zoho Flow’s native “Create Estimate” action does not support multiple line items, so I followed the community guidance for Invoices using a custom

• SAP S/4 HANA Integration via ZOHO Flow

  Hi How do I change the SAP Client ID while creating a new connection ? MY client ID is 421. I believe the client id should be an input field for length 3 numbers rather then a drop down to select from a fixed set of values. Thanks

• VLOOKUP FUNCTION PROBLEM

     Hello, i have a problem with the VLOOKUP  function in my sheet http://public.sheet.zoho.com/public/tonimoreno/indicemasacorporal2 in cell D2. This function doesn't work correctly and always returns the last content of the range. Can you help me?

• Zoho Flow Completely Broken?

  Since December 13th, 100% of our flows have stopped working completely. Nothing is working or triggering??? I called support & sat on the line with them for 2 HOURS until they finally concluded it was a back-end problem on their end?? Now i'm calling

• Print / Export full Dashboard page

  Hello Zoho team, It is currently only possible to print/export one component of a dashboard at a time. Requesting the option to print/export a full dashboard page with all components to a pdf or picture. Doing through the browser doesn't give good results.

• emails duplicated in my outlook client

  Hello I am just new here and I have a litle problem that I do not find how to solve. I sumarise here after. Your help would be very appreciated. I have just recently contracted this zoho mail servicesservices as an initial evaluation yesterday night. I then:   - opened a free account  - created 1 initial email address ..........@domain.com  - created a second email address ..........@domain.com - proceeded with the config instructions (checking the ownership of my domain, changing MX etc... ) as

• How to check task starting time in zoho mobile app?

  I am using the Zoho mobile app on my iPhone, and I am not able to see the task's starting and finishing times. When opening the Task information / Details, I can only see the Task start date and due date, but not the time. Is there any way to check a

• Creating an extension in Sigma: Zoho CRM isn't selectable as a service

  I have 2 Zoho accounts which are part of 2 different workplaces. One workplace is able to select 'Zoho CRM' as a service option when creating a new extension, the other one is not. I'm not sure what the exact differences are between them. What do I need

• List of packaged components and if they are upgradable

  Hello, In reference to the article Components and Packaging in Zoho Vertical Studio, can you provide an overview of what these are. Can you also please provide a list of of components that are considered Packaged and also whether they are Upgradable?

• RouteIQ for Zoho FSM

  Beste, Zou wel top zijn dat we een RouteIQ hebben voor FSM aangezien we constant moeten zien wat de beste route is voor onze monteurs. Nu moeten we een speciale aparte programma hebben om de beste route te berrekenen voor onze monteurs aangezien de planning

• Export Tickets from the Help Center

  Hello everyone! We are now allowing end users to export tickets directly from the help center. The ticket export allows users to: Filter tickets by Department, Priority, and Account before exporting. Download files from Export History (Setup > Data administration

• Is it possible to remove filtering options?

  My CRM has a lot of custom fields that should not be used in filters or views. Fields that are automated and exist only to store temporary values that get used in functions. These create a lot of noise in the list of fields to filter. Isn't there any

• Function #18: Associate invoice templates automatically based on customer language

  For businesses dealing with a diverse linguistic clientele, it becomes crucial to send out invoices in the customer's preferred language to ensure effective communication. This requirement can be handled in Zoho Books by creating invoice templates in

• Changing field types

  Question im a Zoho CRM user and curious, if I change a flied type from single or multi line text to a URL field type will i lose the data in the field or will it be converted to website link automatically. Thanks

• Quote PDF – Header image stopped rendering suddenly

  Hello Zoho Support Team, We are facing an issue with Quote PDF templates in Zoho Books. Previously, images added inside the Quote header HTML were rendering correctly. However, recently the header image is no longer appearing, while header text still

• Changing Default PDF Name

  Is it possible to change the default name of a PDF? As of right now, all of my quotes are named 'QT_$QuoteNumber' (i,e: 'QT_19803471298374) - would it be possible to change this to: '$CompanyName - $AccountName - $QuoteNumber' for instance?

• Tip 2: Recursive functions in Deluge: How to dynamically run a function for a specified number of times.

  Hi folks, As part of the Zoho Creator - Tips and Tricks series every fortnight, we are back today with a new tip on Recursive functions.  Let us first quickly understand what Recursive functions are: A function that calls itself one or more times is known as a Recursive function. That is, you can execute a function to perform a particular action a specific number of times. And, at the end of each iteration, a new output is generated. Recursive functions are commonly used by programmers as it enables

• Function #48: Manage fixed installment payments using Zoho Books

  Hello everyone, and welcome back to our series! Businesses offer installment payment options to their customers, particularly for expensive purchases, to ease the financial burden on them. By breaking down the total cost into smaller, more manageable

• Spotlight series #6: The Show app for Android TV has a new look!

  Hello everyone! We are delighted to introduce our revamped and redesigned Show app for Android TV.  Smart TVs are exploding in popularity. Android TV alone has over 110 million active monthly devices. Zoho Show, as part of a constant effort to improve

• Can’t create alias “Email alias already exists”

  Hi, I’m trying to create the following alias for my domain email. contact@ personal@ private@ But I get a email alias already exists. I had a soho account previously which I deleted which I suspect is causing the issue. Can someone assist? Kind Rega

• Appraisals - Order of Previous Reviews Should Be Newest to Oldest

  The new Zoho People layout generally does a decent job at providing the necessary information for performing appraisals of employee performance. One example of this is the Previous Reviews section: This information is helpful when conducting a review.

• Paging through API results. a major gap in your documentation.

  There is no way for me. to get all of my data through a single API call. Typically REST APis have mechanisms for paging through API results. But the documentation for the API I am using: https://desk.zoho.com/DeskAPIDocument#Introduction Has no mention

• Recurring invoices were generated with old template...

  I have recurring invoices setup. Ones generated on 10.20.2025 used the modified template I had used. But for some reason, on the ones created on 11/20/2025, it seems the invoices created reverted to the previous version of the invoice template. Notably,

• Tip #54- Exploring the Files Icon in Zoho Assist- 'Insider Insights'

  As we’re already in mid-December, it’s a good time to take a closer look at one of the most useful options in the Zoho Assist remote support dashboard—the Files icon. To get started, log in to Zoho Assist using your credentials. Once you’re in, navigate

• Tip#47: Estimation planner

  Sprint planning becomes easier, smoother, more collaborative and more accurate with the Estimation Planner extension. Most work items involve multiple users, and each user's role and effort vary. To provide an unbiased and fair estimation point to the

• Time Tracking on Iphone doesn't stop

  When I start a time tracking session the timer starts as expected. However when I hit stop, the timer remains on that project. The only buttons available are discard and start. Start runs the timer more and discard says it will throw away the data from

• Zoho Sign - Zoho CRM extension upgrade

  Hi everyone, We've updated Zoho Sign extension for Zoho CRM with significant internal changes. Impact on existing Zoho Sign extension users Users using the extension without customization If you are using the integration without implementing Zoho Sign's

• Group by Owner/ Owner Kanban /Group by Custom Field

  Hi, We are missing the option of viewing Tasks grouped by their owner, as it is an essential function for us to manage our employees' working tasks. We find it hard to inspect what are the tasks that our employees are working on.  We are seeking an option

• Flow using way too many tasks

  I built a flow that is using way too many tasks for what it is doing. I reached out to support a week ago but never heard back so hoping the community can help. Does a filter count as a task? I am seeing tons of records filtered with < 1 Sec Time Taken

• Regarding the integration of Apollo.io with Zoho crm.

  I have been seeing for the last 3 months that your Apollo.io beta version is available in Zoho Flow, and this application has not gone live yet. We requested this 2 months ago, but you guys said that 'we are working on it,' and when we search on Google

• Start Workflow from Deluge Script

  I have developed a customized process from our CRM that leverages a deluge script to create a statement of work document. Once the document has been created via the merge and store function, I would like the ability to start a workdrive review & approve

• Saved Sections?

  In sites editor, the + button reveals options to add a section, element, etc. It includes Saved Sections, but I can find no way to save a section I've already created. Otherwise, is there a way to copy a section from one page to another?

• Marketer's Space: Unable to select a sender address? Here's the fix

  Hello Marketers, Welcome back to yet another post! So you've added a sender address in Zoho Campaigns and later found that you're not able to select it while creating an email campaign. Has this ever happened to you? If so, don't worry—you're not alone.

• Loading Project Balances in ZOHO Books for each project

  Hello, What is the best method for loading project balances actual and budget into ZOHO books to provide tracking to our project managers. We have projects and federal awards (also treated as projects) which span multiple years. We are converting from

• Scale up your writing style with content analysis tool in Knowledge Base

  Hello everyone, Sometimes writers may have strong knowledge about the subject but may find it challenging to articulate clearly or produce comprehensible, jargon free content. To make the process easier and to ensure consistent, high-quality articles,

• Zoho Books "Update" Trigger for Zapier?

  Hi Zoho Team, I've been in talks with Zapier about using their services to connect my Zoho Books account to various apps, but I require an additional trigger beyond the "New" trigger. I require an "Update" trigger, which will allow me to filter and create Zaps only when certain conditions are fulfilled on the Zoho Books end before I automate a separate app. Specifically this will help me create invoices in QuickBooks Online only when payments are recorded in Zoho Books, rather than when a new invoice

• Next Page