Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Affan Mohammed

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Issue with payments on invoices

  Hello, I’m having the following issue. When I create an invoice and try to apply a partial payment in a single transaction, the system does not allow it — it only allows full payment. Is this the expected behavior, or am I missing some configuration?

• auto add as member the contact owner

  is there a way that i can make a zoho flow that will add the owner of the contact as a member of the chat after the round robin assignment?

• Client Script Button in Related List become invalid

  Hi, I am the admin of our organization. And I setup a client script button in related list to raise payment refund request While this button become non selectable recently. I believe there is something wrong from zoho as this button had run for a year.

• Welcome to Zoho CommunitySpaces

  Hello everyone, This is your space to ask questions, share ideas, and connect with others building and growing their own communities. For those new here, Zoho CommunitySpaces is a platform for building and managing online communities—from discussion spaces

• Announcing new features in Trident for Windows (v.1.20.4.0)

  Hello Community, Trident for Windows is here with some new features to elevate your work experience. Let's take a quick look at what's new. Export emails. You can now export emails in the .eml file format as compressed zipped files to create a secure

• Announcing new features in Trident for Windows (v1.14.5.0)

  Hello Community, Trident for Windows is here with new features to elevate your workplace productivity. Let's take a quick look at what's new. Add and edit contacts Previously, you could view all of your personal and organizational contacts in Trident.

• Announcing Trident desktop app for Zoho Mail & Zoho Workplace users

  Hello Community, I hope you are doing well and staying safe. As you know, our Mail & workplace teams have been constantly working on adding more value to our offerings to ensure you and your organization continue enjoying your Zoho experience. As part

• Quick way to add a field in Chat Window

  I want to add Company Field in chat window to lessen the irrelevant users in sending chat and set them in mind that we are dealing with companies. I request that it will be as easy as possible like just ticking it then typing the label then connecting

• Please Remove the Confirmation Popup

  Currently, every time a recruiter changes the status of a candidate in Zoho Recruit, a popup confirmation appears that requires clicking “OK, Got it” before proceeding. This creates unnecessary friction in the workflow, especially for users handling high

• Team Module Issues?

  We are testing Team Licenses for use by our Customer Service staff. I created a Teamspace called CSR and only assigned two users to this space: Administrator (me) and “Team License Test.” Team License Test is assigned to the Team User profile, with a

• Canvases Auto-Skewing/Adding Scroll Bars When They Were Not There Prior

  Is anyone else noticing rendering issues in their canvases today? It seems to be mainly icons which now have scroll bars added which makes them all look off, though some fields seemed to revert to squished length as well. Were the icons replaced with

• Zoho CRM Kiosk question – Passing Screen Fields to a Function

  I am building a Kiosk in Zoho CRM to create new Supplier (Vendors) records. Current setup: Screen 1 contains user input fields: Supplier Name (Vendor_Name) First Name (First_Name) I created a Deluge function: createSupplier(vendor_name, first_name) The

• Announcing new features in Trident for Windows (v.1.41.5.0)

  Hello Community! Trident for Windows just received an exciting update with new ways to collaborate and stay organized without leaving your workspace. Let’s take a look at what’s new! Integrate Zoho Meeting with Trident. You can now schedule, start, and

• Zoho ERP | Product updates | June 2026

  Hello users, We launched Zoho ERP on January 23, and since then, our goal has been to help businesses streamline and manage their operations with greater efficiency, flexibility, and control. Since the launch, we've continued to enhance the platform every

• Zia Agent activation in Zoho Desk forces new Organization creation instead of deploying to existing one

  While attempting to complete the deployment and activation sequence of a new Zia Agent within our existing Zoho Desk environment, the activation process failed on the user interface, throwing a generic error (see print). However, despite the activation

• Allow native Webhooks to authenticate via Connections

  Allow native Webhooks to authenticate via Connections (Basic Auth) instead of plaintext custom headers Summary Please allow native Webhooks (Workflow Rules > Instant Actions > Webhooks) to authenticate against the destination endpoint using the existing

• Send Email Directly to Channel

  Hi, We are coming from Slack. In Slack each channel has a unique Email address that you can send emails too. I currently forward a specific type of email from my Gmail InBox directly do this channel for Verification Codes so my team doesn't have to ask

• How do page versions work these days?

  I thought that Zoho Wiki had the capability to display previous versions of a page, and optionally reinstate them. But I can't find a current doc on this subject -- is there one? From what I remember, that capability was accessed via the Version number

• Price Managment

  I have been in discussions with Zoho for some time and not getting what I need. Maybe someone can help explain the logic behind this for me as I fail to understand. When creating an item, you input a sales rate and purchase rate. These rates are just

• Warehouse -> Locations Transition Causing Errors

  After saying "okay" to the transition from 'warehouses' to 'locations', I've now got shipped Sales Orders that I cannot invoice. How does one proceed?

• Problem with the blueprint flow.

  Scenario: 3 departments in a single environment: A-B-C agents from department 1 D-E-F agents from department 2 G-H agents from department 3 Since we've been using Zohodesk (2023), agents can assign tickets to the correct department using the blueprint

• Introducing the new Zoho Announcements Hub

  Hello, Enterprise Support Community! We are excited to announce a new way to keep up to date with recent product releases and announcements for the Zoho apps you use on a regular basis. Introducing our new centralized location to bring together all Zoho

• Ability to run report over 180 days

  Is there a reason Zoho limits the ability to run reports for records older than 180 days? In my view, the only reason I can think of is that it forces us to pay for Advanced Analytics (which I do).

• Cloning a View

  When I clone a View, it doesn't make a copy; it only creates a new copy with the same default fields as if I were creating a new view. What is the purpose of cloning if it doesn't bring in the same fields? Thanks Rudy

• New tickets with empty image contents

  Dear Support. From the end of last week onwards customers send messages for new tickets through microsoft graph (by email to support at procert.ch using the procert portal). We have an issue with the emails because well packed images are no longer visible.

• Images not showing up in Desk tickets

  Customers are trying to send us screenshots to diagnose their issues. But Desk seems to be stopping the images/breaking the link when the ticket comes in. (We can see them in an email box getting cc'd on all tickets...so it's not our mail system). Help!

• Introducing Databridge for Zoho Creator

  Hello, Enterprise Support Community! We'd like to highlight a recent utility that was released for Zoho Creator, that will allow you to connect external, private datasources with your Creator apps, Databridge. Databridge is an application that will need

• Zoho HTML editor is removing MSO (Outlook) specific code.

  The ability to add in custom HTML is great. We are using MJML to generate our wonderfully cross platform and responsive email code that works on Act-On, Salesforce, Hubspot, Active Campaign, and lead liaison. The way it supports MSO (Outlook) is it included

• Retail Payment Receipt

  Hi, So "payment receipts" have a "Retail" template for thermal printers, but the template is configured at A4 paper size!!! How is this retail guys? On the other hand, Invoices have 3 Retail templates which have 3 and 4 inch paper size, perfectly fitting

• Custom Portal URL causing SAMEORIGIN error with embedded Page snippet

  In my app, I have a page that embeds another page. The URL that I have for the embedded page starts with https://creatorapp.zoho.com but the custom domain I have set up is https://kors.kerndell.com. Because the user logged into the app at https://kors.kerndell.com,

• Pasting images is a mess

  I’m trying to paste images into my tickets, in the comments field. But when I paste images, they end up in the wrong order or behind the text.

• Sort by Project Name?

  How the heck do you sort by project name in the task list views??? Seems like this should be a no-brainer?

• Zoho Contracts Just Got Better! CRM 2.0, Regional Settings & 6 New Reports

  Zoho Contracts is evolving to bring you a more efficient and customizable contract management experience. In this update, we are introducing powerful enhancements to our Zoho CRM integration, regional settings, and reports. Let us explore what’s new:

• Writer is horrible

  Form filling is about unusable for complex forms! I am so tired of it.

• Zoho Finance Limitations 2.0 #5: Can't select "Account Id" if creating Custom Links in Related Panel (but it's available for Custom Buttons)

  When creating a custom link within the Zoho Finance module there is no option to select the "Account Id". If creating a Custom Button, it's available. Any plans to make this available within a reasonable timeframe? ======== Perspective: using Zoho finance

• Associate Zoho Project with Deal that is in a specific stage?

  Hi there, When a deal hits a certain stage, I'd like to associate it with an pre-exisiting zoho project? I am using blueprints. Using a custom function and deluge, how could I do this? I was thinking that the easiest option would be the modify the pre-made

• Zoho Cliq not working on airplanes

  Hi, My team and I have been having this constant issue of cliq not working when connected to an airplane's wifi. Is there a reason for this? We have tried on different Airlines and it doesn't work on any of them. We need assistance here since we are constantly

• Can Zoho CRM Emails be used in Zoho Analytics in any capacity?

  We're wanting to display details about Lead Activity in regular reports through Zoho Analytics but we're having difficulty integrating Emails at all. We'd like to be able to note when an email is received and when it is sent somewhere other than just

• CRM Portal Lookup Linkage and Related Fields

  hi, if someone can give me the right path, would be greatly appreciated. we want to do a customer portal for our partners who we issue work orders for our customers, the linkage via lookup fields Partner -> Work Order -> Customer in our portal, the primary

• Mirror Component in Zoho CRM: Access real-time related data without leaving your record

  Hi everyone, This feature is now available for the JP, CA, SA, UAE, and AU DCs. We're excited to bring to you Zoho CRM's mirror component, which presents relevant data on a record's details page and keeps everything users need in one place without having

• Next Page