Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• How can I hide "My Requests" and "Marketplace" icon from the side menu

  Hello everybody, We recently started using the new Zoho CRM for Everyone. How can I hide "My Requests" and "Marketplace" from the side menu? We don't use these features at the moment, and I couldn't find a way to disable or remove them. Best regards,

• Ability to assign Invoice Ownership through Deluge in FSM

  Hi, As part of our process, when a service appointment is completed, we automated the creation of the invoice based on a specific business logic using Deluge. When we do that, the "Owner" of the invoice in Zoho FSM is defaulted to the SuperAdmin. This

• Right Shift key not sending to Zoho Assist environments

  I'm unable to use Right Shift key in Zoho environments. Zoho environments are Win10. Computer I access from is Win 11. Issue started when I changed to Win 11. Have tried: - Multiple browsers - web client AND desktop client - 3rd party mapping tools to

• How do you do ticket add ons in Backstage?

  Hi Everyone, If you wanted to have general admin tickets and allow for add ons, like camping, or car or Carbon offset. What would you do? Peace Robin

• From Zoho CRM to Paper : Design & Print Data Directly using Canvas Print View

  Hello Everyone, We are excited to announce a new addition to your Canvas in Zoho CRM - Print View. Canvas print view helps you transform your custom CRM layouts into print-ready documents, so you can bring your digital data to the physical world with

• validation rules doesn't work in Blueprint when it is validated using function?

  I have tried to create a validation rule in the deal module. it works if I try to create a deal manually or if I try to update the empty field inside a deal. but when I try to update the field via the blueprint mandatory field, it seems the validation

• Pull cells from one sheet onto another

  Hello all! I have created an ingredients database where i have pricing and information and i want to pull from that database into a recipe calculator. I want it to pull based on what ingredient I choose. The ingredients database has an idea and i want

• How can Data Enrichment be automatically triggered when a new Lead is created in Zoho CRM?

  Hi, I have a pipeline where a Lead is created automatically through the Zoho API and I've been trying to look for a way to automatically apply Data Enrichment on this created lead. 1) I did not find any way to do this through the Zoho API; it seems like

• Emails Failing with “Relaying Issues – Mail Sending Blocked” in ZeptoMail

  Hello ZeptoMail Support Team, We are facing an email delivery issue in our ZeptoMail account where emails are failing with the status “Process failed” and the reason “Relaying issues – Mail sending blocked.” Issue Details Agent Name: mail_agent_iwwa From

• How does Zoho handle support operations for our EU users?

  Dear Zoho users, We have some news and reminders about how we handle support operations for Zoho users in the EU Data Center. This is part of our broader commitment to ensuring GDPR compliance and providing secure data handling for all users. We'd like

• Sender Email Configuration Error.

  Hello Team, Hope you are all doing well. We are in the process of creating the Zoho FSM environment in the UAE. When we try to add the sender email address “techsupportuae@stryker.com”, we receive the error message: “Error occurred while sending mail

• Different Task Layouts for Subtasks

  I was wondering how it would be possible for a subtask to have a different task layout to the parent task.

• Layout Adjustment.

  Hello Latha, Hope you are doing well. I wanted to check with you about adjusting the layout columns in the Service Report from the backend, as currently there is no capability for us to customize the layout from our end. Below is the output that I am

• Let us view and export the full price books data from CRM

  I quote out of CRM, some of my clients have specialised pricing for specific products - therefore we use Price Books to manage these special prices. I can only see the breakdown of the products listed in the price book and the specialised pricing for

• Anyone in Australia using Zoho Books AND has their account with NAB?

  Hi I have an account with both NAB and Suncorp. Suncorp transaction come in the next day however NAB transactions take 4-5 business days to appear. eg: A deposit made today in my Suncorp will be imported into Zoho tomorrow. A deposit made today to the NAB account will be imported maybe Saturday (Friday overnight). I have contacted both Zoho and NAB but noone seems to know why. I was just wondering if anyone else in Australia uses NAB and has this issue (or doesn't) maybe we could compare notes and

• Zoho Often Lag

  Desk Team, We've noticed that Desk, Creator & other apps seems to lag more these days. We often refresh multiple times.

• Offer already made- but I withdrew it

  I made an offer letter, but made a mistake on it. I withdrew the offer but now I can't recreate the correct offer. Zoho keeps saying that "A same offer has already been made". I look in the "offers" and there are NO offers (this is the first time I've

• Importing into the 'file upload' field

  Can you import attachments into the file upload field. I would expect it to work the same way as attachments do, But can't seem to get it to work. Moderation Update: The option to import into File Upload and Image Upload fields has been supported. Read

• Layout Rules Don't Apply To Blueprints

  Hi Zoho the conditional layout rules for fields and making fields required don't work well with with Blueprints if those same fields are called DURING a Blueprint. Example. I have field A that is used in layout rule. If value of field A is "1" it is supposed to show and make required field B. If the value to field A is "2" it is supposed to show and make required field C. Now I have a Blueprint that says when last stage moves to "Closed," during the transition, the agent must fill out field A. Now

• Why is the ability Customize Calls module so limited?

  Why can't I add additional sections? why can't I add other field types than the very limited subset that zoho allows? Why can I only add fields to the outbound/inbound call sections and not to the Call Information section?

• Zoho Desk blank screen

  opened a ticket from my email, zoho desk comes up blank, nothing loads. our receptionist also gets the same thing under her login on her computer. our sales rep also gets same thing on zoho desk at his home on a different computer. I tried clearing cache/history/cookies,

• Exporting All Custom Functions in ZohoCRM

  Hello, All I've been looking for a way to keep about 30 functions that I have written in Zoho CRM updated in my own repository to use elsewhere in other instances. A github integration would be great, but a way to export all custom functions or any way

• Optimum CRM setup for new B2B business

  Can some advise the most common way to setup Zoho CRM to handle sales for a B2B company? Specifically in how to handle inbound/outbound emails. I have spent hours researching online and can't seem to find an accepted approach, or even a tutorial. I have

• filter on sheets mobile (iOS, iPadOS) does not work

  I have this issue on every spreadsheet, whether imported or created natively in Zoho Sheets. I can use on desktop without issue: desktop screenshot on iOS the filter dropdowns are not there and there is no way to add them mobile iPadOS looks the same

• 【Zoho CRM】商談タブへのデータインポート

  Zoho使用前にエクセルで管理していた商談情報を、Zoho一括管理のため、商談タブにインポートしたいのですが、お客さまの氏名だけが紐づけられませんでした。 「Zoho CRMにインポートする項目を関連付ける」のところが画像のようになっています。 （弊社では、「姓」を「★個人データ名」という項目名に変更し、フルネームを入れて使用しています。） どのようにしたら氏名をインポートできるかご存じの方がいらっしゃいましたら、ご教示いただきたく、よろしくお願いいたします。 （投稿先が間違っていましたらご指

• Canva Integration

  Hello! As many marketing departments are streamlining their teams, many have begun utilizing Canva for all design mockups and approvals prior to its integration into Marketing automation software. While Zoho Social has this integration already accomplished,

• Can't edit Segments

  Happening with 2 different Zoho One environments, in different browsers. Please fix.

• Zoho Sheet for Desktop

  Does Zoho plans to develop a Desktop version of Sheet that installs on the computer like was done with Writer?

• Transfer ownership of files and folders in My Folders

  People work together as a team to achieve organizational goals and objectives. In an organization, there may be situations when someone leaves unexpectedly or is no longer available. This can put their team in a difficult position, especially if there

• Consumer Financing

  Does Zoho currently have a payment gateway (such as Stripe, Square, etc) which offers financing for customers? So, let's say the estimate we give the customer is greater than what they can afford at the time, but we can sell the service now, letting them

• Subform edits don't appear in parent record timeline?

  Is it possible to have subform edits (like add row/delete row) appear in the Timeline for parent records? A user can edit a record, only edit the subform, and it doesn't appear in the timeline. Is there a workaround or way that we can show when a user

• Zoho CRM - Option to create Follow-Up Task

  When completing a Zoho CRM Task, it would be very helpful if there was an option to "Complete and Create Follow-Up Task" in the pop-up which appears. It could clone the task you are closing and then show it on the screen in edit mode, all the user would

• Mandatory Field - but only at conversion

  Hello! We use Zoho CRM and there are times where the "Lead Created Date & Time" field isn't populated into a "Contractor" (Account is the default phrase i believe). Most of my lead tracking is based on reading the Lead Created field above, so it's important

• Zoho CRM for Everyone's NextGen UI Gets an Upgrade

  Hello Everyone We've made improvements to Zoho CRM for Everyone's Nextgen UI. These changes are the result of valuable feedback from you where we’ve focused on improving usability, providing wider screen space, and making navigation smoother so everything

• File Upload field automatically replaces spaces with underscores – support experience

  Hi everyone, I want to share my recent experience regarding the File Upload field behavior in Zoho Creator and my interaction with the Zoho support team. When a user uploads a file, the system automatically renames the document by replacing spaces in

• Deluge function to copy parent record file upload field to child record file upload field

  I'm stuck trying to write a deluge function that is triggered via automation in child record "Appointments," confirms if a file is in file upload "Report" field of parent "Contacts" record via Contacts lookup field "Contact_Name". If no file is in parent

• Zoho Books Sandbox environment

  Hello. Is there a free sandbox environment for the developers using Zoho Books API? I am working on the Zoho Books add-on and currently not ready to buy a premium service - maybe later when my add-on will start to bring money. Right now I just need a

• Make panel configuration interface wider

  Hi there, The same way you changed the custom function editor's interface wider, it would be nice to be able to edit panels in pages using the full width of the screen rather than the currently max-width: 1368px. Is there a reason for having the configuration panel not taking the full width? Its impossible at this width to edit panels that have a lot of elements. Please change it to 100% so we can better edit the layouts. Thanks! B.

• Image Compression Options

  Much better if we have level of options to compress the image [20%, 40%...] We are dealing with service reports daily that has before and after photos (image field)- the file size too large and one thing, the current limit is 10mb or 15mb for report

• Cannot get code to work with v2.mergeAndStore!

  Please can someone help me pass subform items into a repeating mail merge table row using v2.mergeAndStore? I have a mail merge template created in Writer and stored in Workdrive. This template is referenced by a custom CRM function which merges all of

• Next Page