OAuth redirects and service state

Is it possible for a redirect URI to convey some additional state that my service is waiting on? I wish to use this state to convey a request id so that my service only accepts the grant tokens that it expects.

Here is a sample request made to my browser - note the state parameter:

https://accounts.zoho.com/oauth/v2/auth?scope=ZohoCRM.modules.leads.create&client_id=<my-client-id>&response_type=code&access_type=offline&redirect_uri=https://<my-service>/api/auth/zoho-crm?state%3D1423b1df-e024-4dc6-bf06-83f4083b7dd4

If I pass the state query parameter then Zoho complains with "ERROR_invalid_redirect_uri" in the browser. If I remove the query parameter then all appears well.

I understand that state is conventionally used by OAUTH for the purpose I seek.

Thanks for any help.

Tout forum

France ZUGs

Sticky Posts
Deprecation of SMS-based multi-factor authentication (MFA) mode
Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

OAuth redirects and service state

OAuth redirects and service state

France ZUGs

Topic Participants

Christopher Hunt

Jaya Suriya J

Praveen Sankar

Sticky Posts

Deprecation of SMS-based multi-factor authentication (MFA) mode