Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Affan Mohammed

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Add Ability to Reset Help Center User MFA in Zoho Desk

  Hello Zoho Desk Team, First of all, thank you for recently adding support for Multi-Factor Authentication (MFA) in the Zoho Desk Help Center. We’re very happy to see this enhancement go live, especially since this was a highly requested security feature.

• Allow 2 logos for Branding, one for Light Mode and one for Dark Mode?

  Our logo has a lot of black text on it. If we leave the background transparent, per recommendation of Zoho, when a user is viewing a file and turns on dark mode, our logo is not really visible and looks really weird. It would be really great if we could

• Upgraded sentiment analysis model for more accurate detection

  Hello everyone! Sentiment Analysis in Zia is being upgraded to a newer model to improve how customer sentiment is detected and interpreted. This transition is aimed at getting better contextual understanding across all supported channels. As part of this

• Integrate QuickBooks with Bigin and streamline your sales and accounting!

  If your business relies on Bigin for customer management and QuickBooks for accounting and invoicing, this new integration is here to make your operations more efficient. By connecting these two platforms, you can now manage your CRM and financial processes

• Very limited support for MCP

  Has anyone else noticed how limited the MCP support for Zoho People currently is? Right now only a small set of read-only actions (exactly 15) seem to be available. At the same time Zoho CRM supports over 700+ functions. It makes it almost impossible

• How has Zoho still not resolved Daylight Savings Time?

  According to these forums Zoho has been working on DST for 12 years. Totally unacceptable. Am I missing something? Why are other customers who observe DST not screaming for this to be fixed? Are there reasonable workarounds? This is a must-have for us. 

• ZOHO Desk attachments support

  Hi I just setup MCP with claude, it works well, but it can't read attachments... which makes it kind of useless... Will you be adding attachment capabilities anytime soon?

• HOW I CAN GET BETA VERSION FOT TESTING

  HI. ZOHO I AM INTERESTED IN YOUR BETA SOFTWARE TO EXPERIENCE NEW FEATURES.

• How to Generate Separate Labels for Each Invoice SKU Line Item in Zoho Books?

  Hi everyone, I’m trying to implement a requirement in Zoho Books where separate labels need to be generated for each SKU/item from an invoice. Scenario: One invoice can contain multiple products/SKU items Each item/box should have its own separate label

• HTML PDF Templates / Build From Scratch option not visible for Custom Modules

  Hi everyone, I am working with Zoho Books Custom Modules and trying to create a custom 4x4 package label PDF template using HTML/CSS. According to the official Zoho Books documentation for HTML PDF Templates, there should be an option like: Settings →

• Updating Sales orders on hold

  Surely updating irrelevant fields such as shipping date should be allowed when sales orders are awaiting back orders? Maybe the PO is going to be late arriving so we have to change the shipment date of the Sales order ! Not even allowed through the api - {"code":36014,"message":"Sales orders that have been shipped or on hold cannot be updated."}

• Direct Integration Between Zoho Cliq Meetings and Google Calendar

  Dear Zoho Team, We’d like to submit the following feature request based on our current use case and the challenges we’re facing: 🎯 Feature Request: Enable meetings scheduled in Zoho Cliq to be automatically added to the host's Google Calendar, not just

• billable_expense_id in Invoice API does not set invoiced=true on bill line items — causes duplicates in Projects > Create Invoice

  Hi Zoho Community, We are running an automated batch invoicing system using the Zoho Books API and have hit two critical bugs that are causing duplicate invoice risk in production. Raising this here for visibility alongside a support ticket already filed.

• New fields : radio button

  Hi, when customizing a module (eg: Candidates), we are able to select different types of fields (check box, currency, list, ...). However there is no "radio-button" component. This type of fields is often used in Web pages and will be certainly a plus-value

• Looking for Guidance on Building a Zoho Website

  I'm exploring the possibility of building a custom website with specific features using Zoho as an alternative platform. My goal is to create something similar to https://gtasandresapk.com , with the same kind of functionality and user experience. I'd

• Huge confusion in zoho crm and zoho analytics

  Context => We have reporting based hierarchy in zoho crm and basically there will be one sales head and couple sales managers and 10 pre sales excutives divided between 2 sales managers we have maintained that in zoho crm and there is complex reporting

• Huge confusion in zoho crm and zoho analytics

  Context => We have reporting based hierarchy in zoho crm and basically there will be one sales head and couple sales managers and 10 pre sales excutives divided between 2 sales managers we have maintained that in zoho crm and there is complex reporting

• Import KB template OR Export template for zoho desk?

  Greetings. Can you tell me if there is a way to get an EXPORT of my KB articles? OR is there a template you supply for importing KB articles into my zoho desk? I am looking for a method of understanding what fields can be imported, and what their possible

• Choice Availability Reset

  If an entry is deleted which included a response to a field with choice availability enabled does that increase the number of remaining times the choice can be selected?

• Rich Text Type Format for Notes Field

  Has it been discussed or is there a way to insert a table in the notes field? We sometimes receive information in a table format, and it would be beneficial to have it in the same format as a note on a record.

• [Bug] WebAuthn passkey registration blocked on rpIds with TLDs longer than 6 characters (.accountant, .technology, etc.) — isValidDomain regex too strict

  Hi, Filing on behalf of an enterprise customer where Zoho Vault is deployed across the company. The Chrome extension blocks WebAuthn passkey registration on legitimate sites whose Relying Party ID (rpId) has a TLD longer than 6 letters. This affects every

• [Heads Up] Upcoming update to field values in Zoho Books - Zoho Analytics integration

  Hello Users, We'd like to inform you of an upcoming update to the Account Type field values in the Zoho Books integration for Zoho Analytics from June 1, 2026. What's Changing? The following values under the Account Type field are being renamed to align

• Important update: Migrate to the new SalesIQ live chat widget before May 15, 2026

  The old SalesIQ live chat widget will be deprecated on May 15, 2026. This is a final reminder to migrate to the new SalesIQ live chat widget before this date. After May 15, 2026, the old widget will no longer be maintained, which can lead to slower performance

• Zia Agent built in ChatKit UI does not render markdown

  Hi, You have a major shortcoming in the Zia Agent UI. The test UI that is embedded in agents.zoho.com allows you to test the agent has full support for rendering markdown, but your ChatKit UI does not have support for rendering markdown. If I embed it

• Team folder not created when creating project using zoho flow

  When I try to automate project creation using zoho flow, and I have enabled workdrive integration to automatically create team folders to attach to the project, this only works when I create a new project through the UI. But I am trying to automate project

• Zoho Projects - Email notification relabelling of modules not present on default templates

  Hi Projects Team, I noticed that in the default email template notification, the word "bug" was not renamed to the lable I am using in my system. As many users may used the Bugs modules for various purposes including Changes, Revisions, Issues, etc...

• GLM 5 not available

  Hello, I am trying to setup a Zia Agent using agents.zoho.com. The settings says that GLM5 is among the list of free zoho hosted models available. However, when I try to setup an agent and pick a model from the list only GLM 4.7 Flash is available. How

• Set Custom Icon for Custom Modules in new Zoho CRM UI

• Can not send or reply to mails

  Hello, I can not send mails or reply. If I try to send a mail i get "Unable to send message;Reason:553 Replaying disallowed. Invalid Domain - invata-programare.ro" Can you help me, please? Thank you!

• Kaizen #241: Automating Deal risk escalation using Workflow APIs, Connected Workflows, and Functions

  Hello everyone! Welcome to another Kaizen week. In many organizations, sales teams work in Zoho CRM, finance teams manage invoices in Zoho Books, and support teams handle customer issues in Zoho Desk. Now consider this scenario: A sales representative

• Upload own Background Image and set Camera to 16:9

  Hi, in all known online meeting tools, I can set up a background image reflecting our corporate design. This doesn't work in Cliq. Additionally, Cliq detects our cameras as 4:3, showing black bars on the right and left sides during the meeting. Where

• Allow Super Admins to Edit Task “Created By” and Issue “Reporter” Fields

  Hello Zoho Projects Team, We hope you are doing well. We would like to submit a feature request regarding the ability to manage and correct system ownership fields in Zoho Projects, specifically: Task → Created By Issue → Reporter / Reported By Current

• The Social Wall: April 2026

  Hello everyone, This month, we’re excited to bring you a set of new updates for Threads in Zoho Social, designed to make publishing, monitoring, and managing your content much easier Threads updates You’ll now see a few useful improvements in the compose

• Sort or filter CRM report by count value

  Hi there, I'm trying to create a report that will show me high frequency bookings (leads) coming through within a time period for any particular account - this is so we can proactively reach out to these accounts. I have a report that shows the information

• Error when changing user permission from read only to user.

  Hi there, Ive tried to change one of my users to be able to edit, however i kept getting the error user license exceed.

• Marketing Tip #30: Promote your brand differently on each social platform

  Not all social platforms work the same way. Posting the same content in the same way across every channel can limit your reach. Each platform has its own discovery system, and understanding what it prioritizes can dramatically improve how your brand is

• Whatsapp Limitation Questions

  Good day, I would like to find out about the functionality or possibility of all the below points within the Zoho/WhatsApp integration. Will WhatsApp buttons ever be possible in the future? Will WhatsApp Re-directs to different users be possible based

• **Building Role-Appropriate Accountability Layers in Zoho Projects - Looking for Real-World Experience**

  We're a small ISP/telecom operator on Zoho One and I'm trying to solve what I think is a common organizational problem. Would love to hear from others who've tackled it. **The Core Problem** Staff will only consistently use a project management system

• Duplicate entries for contacts birthdays

  Good morning I have recently started to use my Zoho calendar and noticed that there are multiple birthday events showing for some of my contacts. I have checked my contacts and there were duplicates for some contacts which I have now rectified but the

• Using IMAP configuration for shared email inboxes

  Our customer service team utilizes shared email boxes to allow multiple people to view and handle incoming customer requests. For example, the customer sends an email to info@xxxx.com and multiple people can view it and handle the request. How can I configure

• Next Page