Kaizen #4 - Troubleshooting OAuth2.0
Hello everyone!
Welcome back to yet another post in Kaizen! Earlier in this series, we discussed OAuth2.0 and Self Client. In continuation of that, we will now discuss the various errors that you may face while using OAuth2.0 and how you can handle them.
For better understanding, we have grouped the errors based on the OAuth2.0 flow itself.
You may face errors while
- Registering a client
- Generating the authorization code (grant token)a. For web-based applicationsb. For self client applications
- Generating access and refresh tokens from the grant token
1. Registering a Client
You can register a client in Zoho Developer Console either as a web application or a self client as displayed in the below image.
The below table explains the errors you may face while registering your client, and how you can handle them.
Error | Reason | Resolution |
Enter a valid client name | The client name has a special character. | The client name must not contain any special characters except "_" and "&". |
Enter a valid JavaScript Domain URI | The JavaScript domain is incorrect. | Specify valid JavaScript domains, separated by commas, and they must start with 'http'. |
Enter a valid redirect URI | The redirect URI is incorrect. | |
Enter a valid homepage URL | The homepage URL is invalid. |
The following images will give you an idea of these errors.
On a side note, the following are the mandatory entries for different client types. You will see an error when you do not specify any of these mandatory entries.
Client Type | Client Name | Homepage URL | Redirect URIs | JS Domains |
Java Script | Y | Y | Y | Y |
Web-based | Y | Y | Y | NA |
Mobile | Y | Y | Y | NA |
Self Client | N | N | N | NA |
Device | Y | Y | N | NA |
2. Generating the Authorization Code (Grant token)
As you already know, there are two ways in which you can generate the grant token based on the client type.
a. Web-based redirection
In this authorization flow,
- The web application redirects the user to the Zoho OAuth server with the required scope in the Accounts URL.
"https://accounts.zoho.com/oauth/v2/auth?scope=ZohoCRM.users.ALL&client_id={client_id}&response_type=code&access_type={"offline"or"online"}&redirect_uri={redirect_uri}". - As you can see, the request URL has the parameters "scope", "response_type", and "redirect_uri".
- The user sees the authorization prompt and approves the app's request as shown in the below image.
- The user is redirected back to the application with an authorization code in the query string.
- The application exchanges the authorization code for an access token.
The user may face one of the below errors when the application makes an authorization request with one or many incorrect parameters mentioned in step 1.
Error | Reason | Resolution |
ERROR_invalid_response_type | a) The value of the "response_type" key is not "code". b) You have not passed the mandatory keys in the request. | a) The value of the "response_type" key must be "code". b) Pass all the mandatory keys in the request to generate the grant token. |
ERROR_invalid_client | The client ID is wrong or empty. | Pass the right client ID. You can check your client ID from the developer console. |
ERROR_invalid_redirect_uri | The redirect URI value passed, and the one registered in the developer console mismatches. | Pass the right redirect URI. |
ERROR_invalid_scope | The scope is invalid. |
As you can see, the scope ZohoCRM.user.ALL is incorrect and hence, the system throws the error.
The application must again make the authorization request with proper scopes.
b. Self Clients
After registering your application as a self client, you must provide the necessary scopes in the UI under the Generate Code tab.
The system throws an error when you enter one or more incorrect scopes.
Enter valid scopes and click Generate to generate the code as shown below.
3. Generating Access and Refresh Tokens from the Grant Token
To generate the access and refresh tokens,
- Make a POST API call with the URL "{{accounts-domain}}/oauth/v2/token".
- In the request body, pass the values of the following parameters.a. client_idb. client_secretc. redirect_urid. code(this is the generated grant token)e. grant_type
You may face errors when one or more of the above parameters have a wrong value as shown in the below image.
Error | Reason | Resolution |
invalid_client | a) You have passed an invalid Client ID or secret. b) Domain mismatch. You have registered the client and generated the grant token in a certain domain (US), but generating the tokens from a different domain (EU). c) You have passed the wrong client secret when multi-DC is enabled. | a) Specify the correct client ID and secret. b) Ensure that you generate the grant, access, and refresh tokens from the same domain using the same domain URL (or) Enable Multi-DC for your client to generate tokens from any domain. c) Each DC holds a unique client secret. Ensure to pass the right client secret for that DC. |
invalid_code | a) The grant token has expired. b) You have already used the grant token. c) The refresh token to generate a new access token is wrong or revoked. | a) The grant token is valid only for one minute in the redirection-based flow. Generate the access and refresh tokens before the grant token expires. b) You can use the grant token only once. c) Specify the correct refresh token value while refreshing an access token. |
invalid_redirect_uri | The redirect URI in the request mismatches the one registered in the developer console. | Specify the correct redirect URI in the request. |
Points to note
- For redirection-based authorization, the grant token is valid only for a minute.
- For self client apps, the grant token is valid for the time you selected while authorizing your application.
- If the generation of access and refresh tokens from the grant token fails, the grant token becomes invalidated. You must generate another grant token.
- You can generate a grant token only up to five times in a minute.
- The access token is valid only for an hour. You must use the refresh token to generate new access tokens.
- The refresh token does not expire. It is invalidated only when you revoke the refresh token.
- Each user in an organization can have a maximum of 20 refresh tokens. Also, each refresh token can have a maximum of 30 active access tokens.
- When a user creates the 31st access token, the system deletes the first created access token. Similarly, when the user creates the 21st refresh token, the system deletes the first created refresh token.
We hope you found this post useful. Keep a tab on this series for more exciting topics!
Reach out to us at support@zohocrm.com if you have any questions, or let us know in the comment section.
Cheers!
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
709613389@zohoclosedAccount.com
Jaya Suriya J
Summerswintersacc
Mohan
Sticky Posts
Kaizen #216 - Actions APIs : Email Notifications
Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes areKaizen #152 - Client Script Support for the new Canvas Record Forms
Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achievedKaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script
Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI
Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over theKaizen #197: Frequently Asked Questions on GraphQL APIs
🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Camera access
My picture doesn't appear in a group discussion. (The audio is fine.) The guide says "Click the lock icon on address bar," but I can't find it. Advise, pleaseChat for webinar session, schedule meeting session for 24 hours - Zoho Meeting iOS app update
Hello, everyone! In the most recent iOS version of the Zoho Meeting app, we have introduced the chat functionality for the webinar session. To access this feature, the Organizer should have the 'Public chat' option enabled on the Zoho Meeting desktopInvoice Copy 2005116990189
Please provide the invoice for the trancaction 2005116990189Darshan Hiranandani About
Hi, I’m Darshan Hiranandani, a dedicated software developer with a strong passion for creating efficient and user-friendly applications. With a degree in Computer Science and several years of experience in the tech industry, I specialize in full-stackLatest update in Zoho Meeting | On-demand webinars
Hello everyone, We’re excited to introduce our new on-demand webinar feature, you can now provide pre-recorded sessions that your audience can access immediately, no need to wait for scheduled sessions. Benefits of On-demand webinars : Scheduling flexibilityZoho Meeting iOS app update - Join breakout rooms, access polls, paste links and join sessions, in session host controls
Hello, everyone! In the latest iOS version(v1.7) of the Zoho Meeting app, we have brought in support for the following features: Polls in meeting session Join Breakout rooms Paste link in join meeting screen Foreign time zone in the meeting details screen.Zoho Meeting app update.
Hello, everyone! In the latest Android (v2.3.7) and iOS (v1.7.1) versions of the Zoho Meeting app, we have brought in support for the following features: Report Abuse option. WorkDrive integration. Report Abuse option You can now report to us any deceptiveZoho Meeting Android app update - v2.4.0
Hello everyone! We are excited to announce that we have brought in support for the following features in the latest version of the Zoho Meeting Android app(v2.4.0): 1. Start Personal Meeting Rooms 2. Revamp of the schedule meeting screen and meeting detailsIntroducing Zoho Desk integration and a few minor enhancements
Zoho Desk Integration We've now introduced an integration between Zoho Meeting and Zoho Desk to efficiently manage meeting-related customer inquiries. With this integration, you can track, respond to, and resolve meeting-related tickets directly fromZoho Meeting iOS app update: Hearing aid, bluetooth car audio and AirPlay audio support.
Hello everyone! We are excited to announce the below new features in the latest iOS update(v1.7.4) of the Zoho Meeting app: 1. Hearing aid support: Hearing aid support has been integrated into the application. 2. Bluetooth car Audio, AirPlay audio support:Zoho Meeting Android app update: Breakout rooms, noise cancellation
Hello everyone! In the latest version(v2.6.1) of the Zoho Meeting app update, we have brought in support for the following features: 1. Join Breakout rooms. 2. Noise cancellation Join Breakout rooms. Breakout Rooms are virtual rooms created within a meetingiOS 12 update: Introducing autofill passwords and Siri Shortcuts in Zoho Vault
With this iOS 12 release, Zoho Vault users can now autofill usernames and passwords on Safari and other third-party apps. Users can enjoy a seamless login experience to their everyday apps without compromising security and also access passwords stored in Zoho vault with Siri Shortcuts by adding personalized phrases. How to enable autofill password on your iOS device? First, you need to update your device to iOS 12. Apple recommends you to take a backup before you update your device to the latestZoho Vault: A look at what's new for iOS, iPadOS, and macOS
Hi everyone, At Zoho Vault, we constantly aim to improve your security experience. Based on both internal and external feedback, we have recently rolled out updates across our iOS, iPadOS, and support for macOS platforms. Introducing the desktop app forBiometric Access Support on Zoho Vault Desktop App
Is there any plans to add biometric authentication (fingerprint, face recognition) for Vault desktop apps (Windows/macOS) to enhance security and ease of access. I would love to hear other members view on thisFree webinar: Learn the benefits of migrating to Zoho Vault's new interface
With remote work becoming more and more common across the globe, productivity and time management are now pivotal concerns for every organization. With the number of business applications employed by companies constantly increasing, a password manager like Zoho Vault saves a lot of productive hours for your team. Vault's new interface has been carefully designed to address these pressing needs, helping users increase their productivity while improving their overall online experience. This July,Free Webinar: An exclusive live Q&A session with the Zoho Vault team
As 2020 draws to an end, we're closing out a year that has seen drastic changes all around the world. Many businesses have adopted cloud solutions and a remote work culture for the first time, and this has given rise to newer cyber risks and threats thatWhy passwordless authentication should be your top security project for 2021
Hello users! We know that nobody likes to remember passwords, yet they form an indispensable part of our lives. Many of us working with any kind of technology today manage numerous passwords for personal and business accounts. With the widespread adoptionFree Webinar: See why Zoho Vault is the best alternative to LastPass
When LastPass was acquired by LogMeIn in Oct 2015, we expressed our genuine concern about how this would change the LastPass business model and how customer trust would transfer from one company to another. As we suspected, LastPass doubled their pricingManaging cyber threats when working remotely | A Customer Survey Report
The nearly universal adoption of remote work has changed the way businesses function. Globally, enterprises continue to work to find new ways to make life easier for employees working remotely. However, a commonly cited concern has been the lack of cybersecurityWorld Password Day: 5 interesting facts about passwords
It's World Password Day: that time of the year when we talk about password hygiene and the importance of safe password management. World Password Day is observed on the first Thursday of every May, and this year, we'd like to talk about some of the mostFree Webinar: Go passwordless in 2022 with Zoho Vault
Passwords have long been the preferred authentication method, largely due to their universal appeal. While they're easy for people to use and implement, they're also convenient for hackers to exploit. Reports from 2021 state that weak and stolen passwordsMyki has announced EOL for its services | Learn why Zoho Vault password manager is the best alternative
Hello Myki users, Myki has announced end-of-life for its Teams, MSP, and GUARD services, after being acquired by JumpCloud. In their recent announcement, Myki stated that they will be removing their apps and extensions from the respective stores, turningJoin our exclusive meetup with Zoho's Real Estate community
Hey there, The Zoho Vault team is conducting a meetup for all real-estate users from Zoho. During this session, we will be discussing the need for secure password management and how Vault can help you and your clients safely protect passwords and otherFree webinar: A quick walkthrough of Zoho Vault and major updates in 2023
Managing passwords is crucial for all businesses. You can securely store, share, and manage passwords effectively from anywhere with Zoho Vault. We have introduced several new features in 2023 to offer the best online experience for our users. Join ourFree webinar: Why a password manager is a “must-have” for everyone in 2024
In the past decade, we've witnessed numerous cybersecurity breaches globally, with a significant portion resulting from the "it won't happen to me" mindset. Shockingly, in 2023, 86% of breaches involved weak and stolen passwords. Password hygiene is crucialZoho Vault - Webinars 2023 - Video Recordings and Slide Decks
Hello, We wanted to offer a consolidated list of Zoho Vault webinar resources from 2023. Therefore, we're putting together a list that includes links to our webinar recordings and slide decks for easy access. Webinar Video recording Slide deck GettingFree webinar: Focal point: Building a financial ecosystem with Zoho Vault and Zoho Workplace
Hi everyone! Cyber threats against the financial sector are escalating. In the last two decades, nearly one-fifth of reported incidents targeted financial institutions, causing $12 billion in direct losses. Cybercriminals are becoming more sophisticated,New features in Zoho Vault
We’re thrilled to introduce a wave of powerful updates in Zoho Vault, designed to enhance security, streamline workflows, and improve your overall experience. Let’s dive into what’s new! Folder creation restrictions Limit who can create folders in yourJoin our World Password and Passkey Day expert Q&A 2025
Hey everyone! World Password and Passkey Day is almost here, and there's no better time to talk about something we all rely on daily—secure authentication. Did you know that a staggering 60% of hacking-related breaches are tied to weak or stolen passwords?Dashlane discontinued its free plan: Here's why Zoho Vault's free plan is worth the switch
Hey everyone, Dashlane password manager has officially announced that its free plan will be discontinued starting September 16, 2025. This change means that current free users will need to either upgrade to a paid subscription or export their data andIntroducing SecureForms in Zoho Vault
Hey everyone, Let’s face it—asking someone to send over a password or other sensitive data is rarely straightforward. You wait. You nudge. You follow up once, twice—maybe more. And when the information finally arrives, it shows up in the worst possibleClickjacking: Zoho Vault's Response
Issue: Password manager browser extensions are found to be vulnerable to clickjacking security vulnerabilities that could allow attackers to steal account credentials, TFA codes, and card details under certain conditions. Reported by: Marek Toth, IndependentFree webinar: Security that works: Building resilience for the AI-powered workforce
Hello there, Did you know that more than 51% of organizations worldwide have experienced one or more security breaches, each costing over $1 million in losses or incident response? In today’s threat landscape, simply playing defense is no longer enough.Free webinar—Redefining workforce security with Zoho Vault: Passwords, passkeys, and multi-factor authentication
Hi everyone! Did you know that in Q2 alone, 94 million data records were leaked globally? Behind every breach is a combination of poor password habits, phishing attacks, privilege misuse, and simple human error. The fallout—including reputational damage,Fill Colors
Hello, Just curious, is it possible to manage the Used and standard colors in the fill drop down menu ? I would like to change/edit them is possible to colors I frequently use. Thanks for you reply, BruceIs there a way to generate a virtual meeting for a group service in Zoho Bookings?
Are virtual meetings not supported for group services/meetings? I have integrated Zoom with one-on-one services, but I need a way to create an online group meeting. ThanksItems Below Reorder Point Report?
Is there a way to run a report of Items that are below the Reorder Point? I don't see this as a specific report, nor can I figure out how to customize any of the other stock reports to give me this information. Please tell me I'm missing something sClient scripts for Zoho Books ?
Good day everyone, I am looking for a way to be able to interact with the Quotes and Invoices as they are being created. Think of it like Zoho client script in Zoho CRM. But for the life of me I dont see a way to do this. The issue with having functionFillable template with dynamic tables?
Is there a way to build a fillable template so that users can add rows to a table? To describe what I'm trying to accomplish the table has 3 sections; a header row, some number of rows with custom information, and a summary row with totals. I can't figureInvoicing multiple expense items as a single line item
My client would like me to invoice them for multiple expense items on a single line item on an invoice. Can this be done? I know I can import billable expenses to an invoice, but I don't know how to show them as a single line item or have themNext Page