Hello,

We are using the PHP SDK in the self-client scenario.

It does not look like the token_persistence_path is being respected and zcrm_oauthtokens.txt is generated in the website root directory.

I.e. the TXT file ends up in www.mysite.com/zcrm_oauthtokens.txt not the path we specified.

I don't know enough about OAUTH system to know if this a security issue, but wanted to confirm. (I am not sure it would be more secure in my specified path, but at lease it wouldn't be easily guessable URL)

It does appear as though everything else is working fine because we are able to read and write records in Zoho.