Kaizen #4 - Troubleshooting OAuth2.0

Kaizen #4 - Troubleshooting OAuth2.0

Hello everyone!

Welcome back to yet another post in Kaizen! Earlier in this series, we discussed OAuth2.0 and Self Client. In continuation of that, we will now discuss the various errors that you may face while using OAuth2.0 and how you can handle them.

For better understanding, we have grouped the errors based on the OAuth2.0 flow itself.
You may face errors while
  1. Registering a client
  2. Generating the authorization code (grant token)
    a. For web-based applications
    b. For self client applications
  3. Generating access and refresh tokens from the grant token
1. Registering a Client
You can register a client in Zoho Developer Console either as a web application or a self client as displayed in the below image.

The below table explains the errors you may face while registering your client, and how you can handle them.

Error
Reason
Resolution
Enter a valid client name
The client name has a special character.
The client name must not contain any special characters except "_" and "&".
Enter a valid JavaScript Domain URI
The JavaScript domain is incorrect.
Specify valid JavaScript domains, separated by commas, and they must start with 'http'.
Enter a valid redirect URI
The redirect URI is incorrect.
Specify a valid redirect URI in the format "https://www.your-domain.com/callback".
Enter a valid homepage URL
The homepage URL is invalid.
Specify a valid homepage URL in the format "https://www.yourdomain.com".

The following images will give you an idea of these errors.



On a side note, the following are the mandatory entries for different client types. You will see an error when you do not specify any of these mandatory entries.


Client Type
Client Name
Homepage URL
Redirect URIs
JS Domains
Java Script
Y
Y
Y
Y
Web-based
Y
Y
Y
NA
Mobile
Y
Y
Y
NA
Self Client
N
N
N
NA
Device
Y
Y
N
NA

2. Generating the Authorization Code (Grant token)
As you already know, there are two ways in which you can generate the grant token based on the client type.

a. Web-based redirection
In this authorization flow,
  1. The web application redirects the user to the Zoho OAuth server with the required scope in the Accounts URL.
    "https://accounts.zoho.com/oauth/v2/auth?scope=ZohoCRM.users.ALL&client_id={client_id}&response_type=code&access_type={"offline"or"online"}&redirect_uri={redirect_uri}".
  2. As you can see, the request URL has the parameters "scope", "response_type", and "redirect_uri".
  3. The user sees the authorization prompt and approves the app's request as shown in the below image.

  4. The user is redirected back to the application with an authorization code in the query string.

  5. The application exchanges the authorization code for an access token.
The user may face one of the below errors when the application makes an authorization request with one or many incorrect parameters mentioned in step 1.

Error
Reason
Resolution
ERROR_invalid_response_type
a) The value of the "response_type" key is not "code".
b) You have not passed the mandatory keys in the request.
a) The value of the "response_type" key must be "code".
b) Pass all the mandatory keys in the request to generate the grant token.

ERROR_invalid_client
The client ID is wrong or empty.
Pass the right client ID. You can check your client ID from the developer console.
ERROR_invalid_redirect_uri
The redirect URI value passed, and the one registered in the developer console mismatches. 
Pass the right redirect URI.
ERROR_invalid_scope 
The scope is invalid.
Pass valid scopes. You can refer to the list of scopes here.


As you can see, the scope ZohoCRM.user.ALL is incorrect and hence, the system throws the error.
The application must again make the authorization request with proper scopes.

b. Self Clients
After registering your application as a self client, you must provide the necessary scopes in the UI under the Generate Code tab.
The system throws an error when you enter one or more incorrect scopes.

Enter valid scopes and click Generate to generate the code as shown below.


3. Generating Access and Refresh Tokens from the Grant Token
To generate the access and refresh tokens,
  1. Make a POST API call with the URL "{{accounts-domain}}/oauth/v2/token".
  2. In the request body, pass the values of the following parameters.
    a. client_id
    b. client_secret
    c. redirect_uri
    d. code(this is the generated grant token)
    e. grant_type
You may face errors when one or more of the above parameters have a wrong value as shown in the below image.


Error
Reason
Resolution
invalid_client
a) You have passed an invalid Client ID or secret.
b) Domain mismatch. You have registered the client and generated the grant token in a certain domain (US), but generating the tokens from a different domain (EU).
c) You have passed the wrong client secret when multi-DC is enabled.
a) Specify the correct client ID and secret.
b) Ensure that you generate the grant, access, and refresh tokens from the same domain using the same domain URL
(or)
Enable Multi-DC for your client to generate tokens from any domain.
c) Each DC holds a unique client secret. Ensure to pass the right client secret for that DC.
invalid_code
a) The grant token has expired.
b) You have already used the grant token.
c) The refresh token to generate a new access token is wrong or revoked.
a) The grant token is valid only for one minute in the redirection-based flow. Generate the access and refresh tokens before the grant token expires.
b) You can use the grant token only once.
c) Specify the correct refresh token value while refreshing an access token.
invalid_redirect_uri
The redirect URI in the request mismatches the one registered in the developer console.
Specify the correct redirect URI in the request.

Points to note

  1. For redirection-based authorization, the grant token is valid only for a minute.
  2. For self client apps, the grant token is valid for the time you selected while authorizing your application.
  3. If the generation of access and refresh tokens from the grant token fails, the grant token becomes invalidated. You must generate another grant token.
  4. You can generate a grant token only up to five times in a minute.
  5. The access token is valid only for an hour. You must use the refresh token to generate new access tokens.
  6. The refresh token does not expire. It is invalidated only when you revoke the refresh token.
  7. Each user in an organization can have a maximum of 20 refresh tokens. Also, each refresh token can have a maximum of 30 active access tokens.
  8. When a user creates the 31st access token, the system deletes the first created access token. Similarly, when the user creates the 21st refresh token, the system deletes the first created refresh token.

We hope you found this post useful. Keep a tab on this series for more exciting topics!

Reach out to us at support@zohocrm.com if you have any questions, or let us know in the comment section.


Cheers!


    • Sticky Posts

    • Kaizen #197: Frequently Asked Questions on GraphQL APIs

      🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

    • Kaizen #198: Using Client Script for Custom Validation in Blueprint

      Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

    • Celebrating 200 posts of Kaizen! Share your ideas for the milestone post

      Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQs

    • Kaizen #193: Creating different fields in Zoho CRM through API

      🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

    • Client Script | Update - Introducing Commands in Client Script!

      Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! Commands

    • Recent Topics

    • Edit Permission during and after approval?

      When a record is sent for approval Can a user request for edit permission from the approver? We don't want to give edit permissions for all the records under approval Only on a case-by-case basis How can we achieve this?

    • Zoho web and mobile application not workingn

      Both zoho forms web and mobile application aren't working. I have checked my network connections and they are fine.

    • Introducing the revamped What's New page

      Hello everyone! We're happy to announce that Zoho Campaigns' What's New page has undergone a complete revamp. We've bid the old page adieu after a long time and have introduced a new, sleeker-looking page. Without further ado, let's dive into the main

    • Prevent stripping of custom CSS when creating an email template?

      Anyone have a workaround for this? Zoho really needs to hire new designers - templates are terrible. A custom template has been created, but every time we try to use it, it strips out all the CSS from the head.  IE, we'll define the styles right in the <head> (simple example below) and everything gets stripped (initially, it saves fine, but when you browse away and come back to the template, all the custom css is removed). <style type="text/css"> .footerContent a{display:block !important;} </style>

    • Bulk Moving Images into Folders in the Library

      I can't seem to select multiple images to move into a folder in order to clean up my image library and organize it. Instead, I have to move each individual image into the folder and sometimes it takes MULTIPLE tries to get it to go in there. Am I missing

    • Latest updates in Zoho Meeting | Breakout rooms and End to end encryption

      Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's what we've been working on lately: Introducing Breakout Rooms for enhanced collaboration in your online meetings and End-to-end encryption to ensure that the data is encrypted

    • Systematic SPF alignment issues with Zoho subdomains

      Analysis Period: August 19 - September 1, 2025 PROBLEM SUMMARY Multiple Zoho services are causing systematic SPF authentication failures in DMARC reports from major email providers (Google, Microsoft, Zoho). While emails are successfully delivered due

    • Accidentally deleted a meeting recording -- can it be recovered?

      Hi, I accidentally deleted the recording for a meeting I had today. Is there a way I can recover it?

    • To Zoho customers and partners: how do you use Linked Workspaces?

      Hello, I'm exploring how we can set up and use Linked Workspaces and would like to hear from customers and partners about your use cases and experience with them. I have a Zoho ticket open, because my workspace creation fails. In the meantime, how is

    • How to access email templates using Desk API?

      Trying to send an email to the customer associated to the ticket for an after hours notification and can't find the API endpoint to grab the email template. Found an example stating it should be: "https://desk.zoho.com/api/v1/emailtemplates/" + templateID;

    • Update Portal User Name using Deluge?

      Hey everyone. I have a basic intake form that gathers some general information. Our team then has a consultation with the person. If the person wants to move forward, the team pushes a CRM button that adds the user to a creator portal. That process is

    • Unable to retrieve Contact_Name field contents using Web API in javascript function

      Hello, I've added a field in the Purchase Order form to select and associate a Sales Order (Orden_de_venta, lookup field). I've also created a client script to complete some fields from the Sales Order (and the Quote), when the user specifies the related

    • Updating Woocommerce Variation Products Prices Via Zoho CRM

      I can update product prices with this flow: But I can't update variant products. I got a code from Zoho for this, but I couldn't get it to work. It needs to find the product in the CRM from the SKU field and update the variation with the price there.

    • Emails Disappearing From Inbox

      I am experiencing the unnerving problem of having some of the messages in my inbox just disappear.  It seems to happen to messages that have been in there for longer than a certain amount of time (not sure how long exactly). They are usually messages that I have flagged and know I need to act on, but have not gotten around to doing so yet.  I leave them in my inbox so I will see them and be reminded that I still need to do something about them, but at least twice now I have opened my inbox and found

    • Power of Automation :: Automatic removal of project users once the project status is changed.

      A custom function is a software code that can be used to automate a process and this allows you to automate a notification, call a webhook, or perform logic immediately after a workflow rule is triggered. This feature helps to automate complex tasks and

    • Customizing Form Questions per Recipient Group in Zoho Campaigns/Forms

      Hello everyone, I would like to ask if it’s possible in Zoho Campaigns or Zoho Forms to send out a campaign where the form questions can be customized based on the group of recipients. Use case example: I have prepared 20 questionnaire questions. For

    • Automatic category assignment

      Hi, I’d like to ask if there is a way to automatically assign an expense category based on the recognized Merchant. What would be the simplest way to set up automatic category assignment? Alternatively, is there an option to first choose the category

    • Zoho Books - France

      L’équipe de Zoho France reçoit régulièrement des questions sur la conformité de ses applications de finances (Zoho Books/ Zoho Invoice) pour le marché français. Voici quelques points pour clarifier la question : Zoho Books est un logiciel de comptabilité

    • Every time an event is updated, all participants receive an update email. How can I deactivate this?

      Every time an event is updated in Zoho CRM (e.g. change description, link to Lead) every participant of this meeting gets an update email. Another customer noticed this problem years ago in the Japanese community: https://help.zoho.com/portal/ja/community/topic/any-time-an-event-is-updated-on-zohocrm-calendar-it-sends-multiple-invites-to-the-participants-how-do-i-stop-that-from-happening

    • Having Trouble Opening The Candidate Portal

      Recently am having trouble opening the Candidate Portal. It keeps loading but cannot display any widgets. Tried Safari, Chrome and Edge. Non of them work. Please solve the problem ASAP.

    • Forms - Notification When Response Submitted

      How do I set it up to generate an email notification when a response (class request) is submitted?

    • How to disable user entry on Answer Bot in Zobot

      Hi, I have an Answer Bot in my Zobot, here is the configuration: I only want the user to choose 1 of the 4 the options I have provided: When no answer found, user chooses 'I'll rephrase the question' or 'Ask a different question When answer is found,

    • More admin control over user profiles

      It's important for our company, and I'm sure many others, to keep our users inline with our branding and professional appearance. It would be useful for administrators to have more control over profile aspects such as: Profile image User names Email signatures

    • Please Make Zoho CRM Cadences Flexible: Allow Inserting and Reordering Follow-Up Steps

      Sales processes are not static. We test, learn, and adapt as customers respond differently than expected. Right now, Zoho Cadences do not support inserting a new step between existing follow-ups or changing the type of an existing primary step. If I realize

    • Changing the Default Search Criteria for Finding Duplicates

      Hey everyone, is it possible to adjust the default search criteria for finding and merging duplicate records? Right now, CRM uses some (in my opinion nonsensical) fields as search criteria for duplicate records which do nothing except dilute the results.

    • Clear Tag & Linking Between Quotes and Sales Orders

      Hi Zoho Team, In Zoho Books, when a quote is converted into a sales order, it would be extremely useful to have: A clear tag/indicator on the quote showing that it has been converted into a sales order. A direct link in the sales order back to the originating

    • Zoho Books Sandbox environment

      Hello. Is there a free sandbox environment for the developers using Zoho Books API? I am working on the Zoho Books add-on and currently not ready to buy a premium service - maybe later when my add-on will start to bring money. Right now I just need a

    • Add Direct Ticket Link to Zoho Help Center Portal in Email Replies

      Hi Zoho Support Team, We hope you're doing well. We’d like to request a small but valuable improvement to enhance the usability of the Zoho Help Center portal (https://help.zoho.com/portal/en/myarea). Currently, when someone from Zoho replies to a support

    • [Webinar] Deluge Learning Series - AI-Powered Automation using Zoho Deluge and Gemini

      We’re excited to invite you to an exclusive 1-hour webinar where we’ll demonstrate how to bring the power of Google’s Gemini AI into your Zoho ecosystem using Deluge scripting. Whether you're looking to automate data extraction from PDFs or dynamically

    • Connecting Zoho Inventory to ShipStation

      we are looking for someone to help connect via API shipStation with Zoho inventory. Any ideas? Thanks. Uri

    • Subform edits don't appear in parent record timeline?

      Is it possible to have subform edits (like add row/delete row) appear in the Timeline for parent records? A user can edit a record, only edit the subform, and it doesn't appear in the timeline. Is there a workaround or way that we can show when a user

    • New in Cadences: Option to Resume or Restart follow-ups when re-enrolling records into a Cadence, and specify custom un-enrollment criteria

      Managing follow-ups effectively involves understanding the appropriate timing for reaching out, as well as knowing when to take a break and resume later, or deciding if it's necessary to start the follow-up process anew. With two significant enhancements

    • Im Stuck in an EDIT ONLY WITH WIZARD issue

      So I found Wizards to be a really helpful tool in minimizing the exposure of redundant, superfluous fields to staff that would never otherwise have to edit those fields. My issue is, that when the record (in this case a lead) is created with a wizard,

    • Account upgrade

      Good evening, I upgraded my account and paid for it. From standard to professional. Unfortunately after the paiment my account was not upgraded. Please your advise. Best Regards Erik van Staverden

    • How to set ALL default dates of my organization to DD-MM-YYYY format?

      All replies to this question comes from a time where the UI was different. It's extremely frustrating not being able to find how to do this simple setting change. I want everything and everyone in my organizations to have DD-MM-YYYY date format by default.

    • How can I sync from Zoho Projects into an existing Zoho Sprints project?

      Hi I have managed to integrate Zoho Projects with Zoho Sprints and I can see that the integration works as a project was created in Zoho Sprints. But, what I would like to do is to sync into an existing Zoho Sprints project. Is there a way to make that

    • Can we generate APK and IOS app?

      Dears, I want to know the availability to develop the app on zoho and after that .. generate the APK or IOS app  and after that I added them to play store or IOS store.. Is it possible to do this .. I want not to use zoho app or let my customers use it. thanks 

    • Zoho Subform Workflows onAdd of Row

      Suppose I have a form with attached workflows onLoad. If I use the form as a subform, will it inherit the workflows or do I need to create new ones onAdd of row?

    • Session Expired

      I constantly get "Session Expired" and need to relogin or close and open the application again. This gets really frustrating during the day. Is this something that can be solved? This really makes me want to leave the app as it is no go to need to reopen

    • Super Admin removal

      I brought a sub, and I gave the Super admin rights to a person who is no longer with us, so I need to change, and I need to make myself the Super admin

    • Next Page