Kaizen #4 - Troubleshooting OAuth2.0
Hello everyone!
Welcome back to yet another post in Kaizen! Earlier in this series, we discussed OAuth2.0 and Self Client. In continuation of that, we will now discuss the various errors that you may face while using OAuth2.0 and how you can handle them.
For better understanding, we have grouped the errors based on the OAuth2.0 flow itself.
You may face errors while
- Registering a client
- Generating the authorization code (grant token)a. For web-based applicationsb. For self client applications
- Generating access and refresh tokens from the grant token
1. Registering a Client
You can register a client in Zoho Developer Console either as a web application or a self client as displayed in the below image.
The below table explains the errors you may face while registering your client, and how you can handle them.
Error | Reason | Resolution |
Enter a valid client name | The client name has a special character. | The client name must not contain any special characters except "_" and "&". |
Enter a valid JavaScript Domain URI | The JavaScript domain is incorrect. | Specify valid JavaScript domains, separated by commas, and they must start with 'http'. |
Enter a valid redirect URI | The redirect URI is incorrect. | |
Enter a valid homepage URL | The homepage URL is invalid. |
The following images will give you an idea of these errors.
On a side note, the following are the mandatory entries for different client types. You will see an error when you do not specify any of these mandatory entries.
Client Type | Client Name | Homepage URL | Redirect URIs | JS Domains |
Java Script | Y | Y | Y | Y |
Web-based | Y | Y | Y | NA |
Mobile | Y | Y | Y | NA |
Self Client | N | N | N | NA |
Device | Y | Y | N | NA |
2. Generating the Authorization Code (Grant token)
As you already know, there are two ways in which you can generate the grant token based on the client type.
a. Web-based redirection
In this authorization flow,
- The web application redirects the user to the Zoho OAuth server with the required scope in the Accounts URL.
"https://accounts.zoho.com/oauth/v2/auth?scope=ZohoCRM.users.ALL&client_id={client_id}&response_type=code&access_type={"offline"or"online"}&redirect_uri={redirect_uri}". - As you can see, the request URL has the parameters "scope", "response_type", and "redirect_uri".
- The user sees the authorization prompt and approves the app's request as shown in the below image.
- The user is redirected back to the application with an authorization code in the query string.
- The application exchanges the authorization code for an access token.
The user may face one of the below errors when the application makes an authorization request with one or many incorrect parameters mentioned in step 1.
Error | Reason | Resolution |
ERROR_invalid_response_type | a) The value of the "response_type" key is not "code". b) You have not passed the mandatory keys in the request. | a) The value of the "response_type" key must be "code". b) Pass all the mandatory keys in the request to generate the grant token. |
ERROR_invalid_client | The client ID is wrong or empty. | Pass the right client ID. You can check your client ID from the developer console. |
ERROR_invalid_redirect_uri | The redirect URI value passed, and the one registered in the developer console mismatches. | Pass the right redirect URI. |
ERROR_invalid_scope | The scope is invalid. |
As you can see, the scope ZohoCRM.user.ALL is incorrect and hence, the system throws the error.
The application must again make the authorization request with proper scopes.
b. Self Clients
After registering your application as a self client, you must provide the necessary scopes in the UI under the Generate Code tab.
The system throws an error when you enter one or more incorrect scopes.
Enter valid scopes and click Generate to generate the code as shown below.
3. Generating Access and Refresh Tokens from the Grant Token
To generate the access and refresh tokens,
- Make a POST API call with the URL "{{accounts-domain}}/oauth/v2/token".
- In the request body, pass the values of the following parameters.a. client_idb. client_secretc. redirect_urid. code(this is the generated grant token)e. grant_type
You may face errors when one or more of the above parameters have a wrong value as shown in the below image.
Error | Reason | Resolution |
invalid_client | a) You have passed an invalid Client ID or secret. b) Domain mismatch. You have registered the client and generated the grant token in a certain domain (US), but generating the tokens from a different domain (EU). c) You have passed the wrong client secret when multi-DC is enabled. | a) Specify the correct client ID and secret. b) Ensure that you generate the grant, access, and refresh tokens from the same domain using the same domain URL (or) Enable Multi-DC for your client to generate tokens from any domain. c) Each DC holds a unique client secret. Ensure to pass the right client secret for that DC. |
invalid_code | a) The grant token has expired. b) You have already used the grant token. c) The refresh token to generate a new access token is wrong or revoked. | a) The grant token is valid only for one minute in the redirection-based flow. Generate the access and refresh tokens before the grant token expires. b) You can use the grant token only once. c) Specify the correct refresh token value while refreshing an access token. |
invalid_redirect_uri | The redirect URI in the request mismatches the one registered in the developer console. | Specify the correct redirect URI in the request. |
Points to note
- For redirection-based authorization, the grant token is valid only for a minute.
- For self client apps, the grant token is valid for the time you selected while authorizing your application.
- If the generation of access and refresh tokens from the grant token fails, the grant token becomes invalidated. You must generate another grant token.
- You can generate a grant token only up to five times in a minute.
- The access token is valid only for an hour. You must use the refresh token to generate new access tokens.
- The refresh token does not expire. It is invalidated only when you revoke the refresh token.
- Each user in an organization can have a maximum of 20 refresh tokens. Also, each refresh token can have a maximum of 30 active access tokens.
- When a user creates the 31st access token, the system deletes the first created access token. Similarly, when the user creates the 21st refresh token, the system deletes the first created refresh token.
We hope you found this post useful. Keep a tab on this series for more exciting topics!
Reach out to us at support@zohocrm.com if you have any questions, or let us know in the comment section.
Cheers!
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
709613389@zohoclosedAccount.com
Jaya Suriya J
Summerswintersacc
Mohan
Sticky Posts
Kaizen #197: Frequently Asked Questions on GraphQL APIs
🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Kaizen #198: Using Client Script for Custom Validation in Blueprint
Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Celebrating 200 posts of Kaizen! Share your ideas for the milestone post
Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQsKaizen #193: Creating different fields in Zoho CRM through API
🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Client Script | Update - Introducing Commands in Client Script!
Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! Commands
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
How to create auto populate field based on custom module in Zoho CRM?
Hello, i'm still new to Zoho CRM and work as administrator in my company. Currently, I'm configuring layout for Quotes Module. So, the idea is, I've created a read-only field in Quotes called "Spec". I want this field automatically filled with Specificationwebinar registration confirmation are landing in SPMA folders
I am trialing zoho webinar and do not have access to custom domains. When I test user registrations, they are working but the resulting confirmation email is landing in a spam folder. How can I avoid this?Making digital signatures accessible to all: Introducing accessibility controls in Zoho Sign
Hi there! At Zoho Sign, we are committed to building an inclusive digital experience for all our users. As part of our ongoing efforts to align with Web Content Accessibility Guidelines (WCAG), we’re updating the application with support that will goIs there a way to set Document Owner/Sender via the API
When sending requests for zoho sign, it would seem zoho uses the id of the person that created the zoho api cred to determine the owner_id, is there a way to set a default for this?Transition Criteria Appearing on Blueprint Transitions
On Monday, Sept. 8th, the Transition criteria started appearing on our Blueprints when users hover over a Transition button. See image. We contacted Zoho support because it's confusing our users (there's really no reason for them to see it), but we haven'tDelegates should be able to delete expenses
I understand the data integrity of this request. It would be nice if there was a toggle switch in the Policy setting that would allow a delegate to delete expenses from their managers account. Some managers here never touch their expense reports, andAdd Save button to Expense form
A save button would be very helpful on the expense form. Currently there is a Save and Close button. When we want to itemize an expense, this option would be very helpful. For example, if we have a hotel expense that also has room service, which is aMultiple organizations under Zoho One
Hello. I have a long and complicated question. I have a Zoho One account and want to set it up to serve the needs of 6 organizations under the same company. Some of the Zoho One users need to be able to work in more than 1 organization’s CRM and otherIMAP Server not responding.
Trying to connect a phone via IMAP and getting "imap.zoho.com not responding." Is the server down, for maintenance or otherwise? I've tried this on two different devices and got the same error on both.Error AS101 when adding new email alias
Hi, I am trying to add apple@(mydomain).com The error AS101 is shown while I try to add the alias.Unbundle feature for composite items
We receive composite items from our vendors and sell them either individually or create other composite items out of them. So, there is a lot of bundling and unbundling involved with our composite items. Previously, this feature was supported in formRegarding the integration of Apollo.io with Zoho crm.
I have been seeing for the last 3 months that your Apollo.io beta version is available in Zoho Flow, and this application has not gone live yet. We requested this 2 months ago, but you guys said that 'we are working on it,' and when we search on GoogleOpen filtered deals from campaign
Do you think a feature like this would be feasible? Say you are seeing campaign "XYZ" in CRM. The campaign has a related list of deals. If you want to see the related deals in a deal view, you should navigate to the Deals module, open the campaign filter,How do you print a refund check to customer?
Maybe this is a dumb question, but how does anyone print a refund check to a customer? We cant find anywhere to either just print a check and pick a customer, or where to do so from a credit note.MTD SA in the UK
Hello ID 20106048857 The Inland Revenue have confirmed that this tax account is registered as Cash Basis In Settings>Profile I have set ‘Report Basis’ as “Cash" However, I see on Zoho on Settings>Taxes>Income Tax that the ‘Tax Basis’ is marked ‘Accrual'workflow not working in subform
I have the following code in a subform which works perfectly when i use the form alone but when i use the form as a subform within another main form it does not work. I have read something about using row but i just cant seem to figure out what to changeFetch data from another table into a form field
I have spent the day trying to work this out so i thought i would use the forum for the first time. I have two forms in the same application and when a user selects a customer name from a drop down field and would like the customer number field in theZoho Creator as LMS and Membership Solution
My client is interested in using Zoho One apps to deploy their membership academy offer. Zoho Creator was an option that came up in my research: Here are the components of the program/offer: 1. Membership portal - individual login credentials for eachRecord comment filter
Hi - I have a calendar app that we use to track tasks. I have the calendar view set up so that the logged in user only sees the record if they are assigned to the task. BUT there are instances when someone is @ mentioned in the record when they are notHow to View Part Inventory and Warehouse Location When Creating a Work Order in Zoho FSM
Hi everyone, We’re currently setting up Zoho FSM and would like to improve how our team selects parts when creating a Work Order. Right now, when we add a part or item to a Work Order, we can select it from our Zoho Inventory list but we don’t see anyFSM too slow today !!
Anybody else with problem today to loading FSM (WO, AP etc.)?CRM x WorkDrive: File storage for new CRM signups is now powered by WorkDrive
Availability Editions: All DCs: All Release plan: Released for new signups in all DCs. It will be enabled for existing users in a phased manner in the upcoming months. Help documentation: Documents in Zoho CRM Manage folders in Documents tab Manage filesNot able to Sign In in Zoho OneAuth in Windows 10
I recently reset my Windows 10 system, after the reset when I downloaded the OAuth app and tried to Sign In It threw an error at me. Error: Token Fetch Error. Message: Object Reference not set to an instance of an object I have attached the screenshotMapping a custom preferred date field in the estimate with the native field in the workorder
Hi Zoho, I created a field in the estimate : "Preferred Date 1", to give the ability to my support agent to add a preferred date while viewing the client's estimate. However, in the conversion mapping (Estimate to Workorder), I'm unable to map my customRuning RPA Agents on Headless Windows 11 Machines
Has anyone tried this? Anything to be aware of regarding screen resolution?The sending IP (136.143.188.15) is listed on spamrl.com as a source of spam.
Hi, it just two day when i am using zoho mail for my business domain, today i was sending email and found that message "The sending IP (136.143.188.15) is listed on https://spamrl.com as a source of spam" I hope to know how this will affect the deliveryDelegates - Access to approved reports
We realized that delegates do not have access to reports after they are approved. Many users ask questions of their delegates about past expense reports and the delegates can't see this information. Please allow delegates see all expense report activity,Split functionality - Admins need ability to do this
Admins should be able to split an expense at any point of the process prior to approval. The split is very helpful for our account coding, but to have to go back to a user and ask them to split an invoice that they simply want paid is a bit of an inWhat is a a valid JavaScript Domain URI when creating a client-based application using the Zoho API console?
No idea what this is. Can't see what it is explained anywhere.Is there a way to request a password?
We add customers info into the vaults and I wanted to see if we could do some sort of "file request" like how dropbox offers with files. It would be awesome if a customer could go to a link and input a "title, username, password, url" all securely and it then shows up in our team vault or something. Not sure if that is safe, but it's the best I can think of to be semi scalable and obviously better than sending emails. I am open to another idea, just thought this would be a great feature. Thanks,Single Task Report
I'd like a report or a way to print to PDF the task detail page. I'd like at least the Task Information section but I'd also like to see the Activity Stream, Status Timeline and Comments. I'd like to export the record and save it as a PDF. I'd like theAuto-response for closed tickets
Hi, We sometimes have users that (presumably) search their email inbox for the last correspondence with us and just hit reply - even if it's a 6 month old ticket... - this then re-opens the 6 month old ticket because of the ticket number in the email's subject. Yes, it's easy to 'Split as new Ticket', but I'd like something automated to respond to the user saying "this ticket has already been resolved and closed, please submit a new ticket". What's the best way to achieve this? Thanks, EdHow to Push Zoho Desk time logged to Zoho Projects?
I am on the last leg of my journey of finally automating time tracking, payments, and invoicing for my minutes based contact center company - I just have one final step to solve - I need time logged in zoho desk to add time a project which is associatedCannot access KB within Help Center
Im working with my boss to customize our knowledge base, but for some reason I can see the KB tab, and see the KB categories, but I cannot access the articles within the KB. We have been troubleshooting for weeks, and we have all permissions set up, customersExport to excel stored amounts as text instead of numbers or accounting
Good Afternoon, We have a quarterly billing report that we generate from our Requests. It exports to excel. However if we need to add a formula (something as simple as a sum of the column), it doesn't read the dollar amounts because the export storeswhy my account is private?
when i post on zohodesk see only agent onlyGetting ZOHO Invoice certified in Portugal?
Hello, We are ZOHO partners in Portugal and here, all the invoice software has to be certified by the government and ZOHO Invoice still isn´t certified. Any plans? Btw, we can help on this process, since we have a client that knows how to get the software certified. Thank you.Show/ hide specific field based on user
Can someone please help me with a client script to achieve the following? I've already tried a couple of different scripts I've found on here (updating to match my details etc...) but none of them seem to work. No errors flagged in the codes, it just500 Internal Server Error
I have been trying to create my first app in Creator, but have been getting the 500: Internal Server Error. When I used the Create New Application link, it gave me the error after naming the application. After logging out, and back in, the application that I created was in the list, but when I try to open it to start creating my app, it gives me the 500: Internal Server Error. Please help! Also, I tried making my named app public, but I even get the error when trying to do that.Client Script | Update - Client Script Support For Portals
Dear All! We are excited to announce the highly anticipated feature: Client Script support for Portals. We understand that many of you have been eagerly awaiting this enhancement, and we are pleased to inform you that this support is now live for allNext Page