Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• 3 year sick leave cycle

  How do you set up a sick leave cycle for South Africa? In SA the sick works like this for the first 6 months you get 0.83 paid sick days a month, then after 6 months you sick leave balance is reset to 30 days that can be used over a 36 month cycle.  This

• WorkDrive and CRM not in sync

  1/ There is a CRM file upload field with WorkDrive file set as the source: 2/ Then the file is renamed in WorkDrive (outside CRM): 3/ The File in CRM is not synced after the change in WorkDrive; the file name (reference) in CRM record is not updated (here

• Is Zoho Communityspaces now part of Zoho One?

  Is Zoho Communityspaces now part of Zoho One?

• Bigin’s 2025 Evolution: Highlights from 2025 and What’s Ahead in 2026

  Dear Biginners, Wishing you a very happy New Year! As we stand at the cusp of endless possibilities in 2026, we would like to take a moment to reflect on what we achieved together in 2025. Your continued support, thoughtful feedback, and kind words of

• Send Supervisor Rule Emails Within Ticket Context in Zoho Desk

  Dear Zoho Desk Team, I hope this message finds you well. Currently, emails sent via Supervisor Rules in Zoho Desk are sent outside of the ticket context. As a result, if a client replies to such emails, their response creates a new ticket instead of appending

• Zoho Desk - Change Time Zone for all users and set default for new user

  Hi,   Is there a way to set a default time zone so that when user creates an account via the Zoho Desk invitation, they don't need to select the time zone via the hundreds of choice?   And, for already created users, can we edit the incorrect time zone selected by the user at the account creation ?   Thanks ! Fred

• Allow Manual Popup Canvas Size Control

  Hello Zoho PageSense Team, We hope you're doing well. We would like to request an enhancement to the PageSense popup editor regarding popup sizing. Current Limitation: Currently, the size (width and height) of a popup is strictly controlled by the selected

• Why does Zoho’s diff viewer highlight parts of unchanged lines?

  Hi everyone, I’ve noticed something odd in the Zoho editor’s diff view. When I delete a single line, the diff doesn’t just mark that line as removed. Instead, it highlights parts of the next line as if they changed, even though they are identical. Example:

• Add deluge function to shorten URLs

  Zoho Social contains a nice feature to shorten URLs using zurl.co. It would be really helpful to have similar functionality in a Deluge call please, either as an inbuilt function or a standard integration. My Creator app sends an email with a personalised

• form data load issue when saving as duplicate record is made

  Hello. I have a form with a lookup when a value is selected the data from the corresponding record is filled into all of the fields in the form. But the form is loaded in such a state that if any value is changed it will take all of the values pre loaded

• Invoice template, how to change the text under "Notes" and "Terms and Conditions"

  In "Invoice templates", there are two text/info sections at the bottom:"Notes" and "Terms and Conditions". It is possible to change the names of these two headings, but how is it possible to change/alter the text under it. As a standard it says "Thank you for your business" under Notes - I need to change it into something different- How? Thank you.

• Recurring Tasks and Reminders in Projects

  Recurring tasks are tasks that are created once, and then recreated automatically after a designated time period. For example, the invoice for your billable tasks is due every week. You can set that task to recreate itself every week. Also, the future

• Unable to remove the “Automatically Assigned” territory from existing records

  Hello Zoho Community Team, We are currently using Territory Management in Zoho CRM and have encountered an issue with automatically assigned territories on Account records. Once any account is created the territory is assigned automatically, the Automatically

• Improved Functionality PO Bill SO Invoice

  Hello, I need to enter over 100 items, it's frustrating to scroll a few item rows and wait for more to load, then scroll again. It would be nice to have buttons that scroll to the top or bottom with one click. Furthermore, these items I'm adding are VAT

• Wishes for 2026

  Hello, and a happy new year 2026! Let's hope it's better for everyone. I'd like to share some thoughts on Zoho One and what could be useful in the short, medium, and long term. Some things are already there, but not applied to Zoho One. Others seem like

• How to Integrate Zoho Books with Xero (No Native Connection Available)

  Hi everyone, I’m currently facing an issue with integrating Zoho Books invoices with Xero, as I’ve noticed Zoho does not provide a native integration with Xero at this time. I would like to ask: What are the common or recommended solutions for syncing

• Markup instead of discount??

  Is it possible to have the discount field on an invoice or estimate be a markup instead? It's the very same functionality that I am looking for - to be able to markup an individual item by either a $ or a % and have that cost added (instead of subtracted) to the item cost.  Currently, I use the tax feature to accomplish this, but it's very awkward to have "Markup 15%" listed after the subtotal. Plus, if I want to markup items at different rates, I end up with several "markup" lines in the totals

• Plan switch

  I thought I pressed the Free button, but after they set up the account, I see that I am on a Premium trial. Is this usual? How do I get onto the Free version?

• 'Tax registration date'?

  The second question in setting up is 'Tax registration date'. My first question: which tax? My second question: why do you need the registration date?

• What if we don't have an ABN?

  Australian business. Setting up. We have no ABN. It's not compulsory. Field not allowed to be blank. What to do?

• Keeping track of project expenses

  I have talked to a few support techs and it is very hard for me to believe that Zoho's project accounting software can't keep accounts for my projects. I must not understand what they're saying. We get a contract to build something. So the project revenue

• Linking Multi-UOM Barcodes to Products in Zoho Books

  Greetings, I'm using Zoho Books for retail shop and I'm running into a bit of a challenge with products that have multiple Units of Measurement (UOMs) and corresponding barcodes. For example, I sell cigarettes both as individual packets and in cartons

• How to change "from" email address when invoicing.

  HELP! I'm new to Zoho Books and when I first set it up used a different email address than I currently want to use. I've tried to go to settings and change the default email address but when I generate an invoice it still shows the old email address (although I can't find it anywhere else). I really need to get this changed before I can use the program. Any help would be appreciated.

• Critical Issue: Tickets Opened for Zoho Support via the Zoho Help Portal Were Not Processed

  Hi everyone, We want to bring to your attention a serious issue we’ve experienced with the Zoho support Help Portal. For more than a week, tickets submitted directly via the Help Portal were not being handled at all. At the same time no alert was posted

• Hide/Show Subform Fields On User Input

  Hello, Are there any future updates in Hide/Show Subform Fields "On User Input"?

• Cloning Item With Images Or The Option With Images

  Hello, when I clone an item, I expect the images to carry over to the cloned item, however this is not the case in Inventory. Please make it possible for the images to get cloned or at least can we get a pop up asking if we want to clone the images as

• Custom validation in CRM schema

  Validation rules in CRM layouts work nicely, good docs by @Kiran Karthik P https://help.zoho.com/portal/en/kb/crm/customize-crm-account/validation-rules/articles/create-validation-rules I'd prefer validating data input 'closer to the schema'

• Adding Default Module Image into mail merge field

  As with most people finding their way to these forums i have a specific requirement that doesn't seem to be supported by Zoho I have created 2 custom modules to suit my purpose 1 is an inventory type module that lists aluminium extrusions, and all relevant

• Is it possible to roll up all Contact emails to the Account view?

  Is there a way to track all emails associated with an Account in one single view? Currently, email history is visible when opening an individual Contact record. However, since multiple Contacts are often associated with a single Account, it would be beneficial

• Managing credit cards

  Hi, I'm hoping someone on this forum can help me out managing credit card accounts.  Transaction are entered as expenses using the credit card account and, as expected, the card balance shows as a negative since this is clearly money I owe them.  Once I make a payment, of the full amount owed, I woudl expect the balance to become zero. It doesn't, the negative balance just keeps on increasing even though the payment is reflected correctly in my main operating account.  No-one at Zoho seems to understand

• Free Training - Explore What’s New in Zoho One 2025

  Greetings! We hope you have all had a chance by now to get hands-on with the new features and updates released as part of ZO25. Yes, we understand that you may have questions and feedback. To ensure you gain a comprehensive understanding of these updates,

• Quick way to add a field in Chat Window

  I want to add Company Field in chat window to lessen the irrelevant users in sending chat and set them in mind that we are dealing with companies. I request that it will be as easy as possible like just ticking it then typing the label then connecting

• How to create a two way Sync with CRM Contacts Module?

  Newbie creator here (but not to Zoho CRM). I want to create an app that operates on a sub-set of CRM Contacts - only those with a specific tag. I want the app records to mirror the tagged contacts in CRM. I would like it to update when the Creator app

• How to import data from PDF into Zoho Sheet

  I am looking to import Consolidated Account Statement (https://www.camsonline.com/Investors/Statements/Consolidated-Account-Statement) into zoho sheet. Any help is appreciated. The pdf is received as attachment in the email, this document is password

• Trigger Workflow, Approval Process, Blueprint by Deluge in Zoho CRM

  #Tips & Trick If you intend to activate your Workflow, Approval Process, or Blueprint through either the deluge script or Zoho CRM API during the creation, updating, or deletion of a record Try this Script mp = Map(); trigger = List(); // Workflow trigger.add("workflow");

• Zoho Projects Android app: Integration with Microsoft Intune

  Hello everyone! We’re excited to announce that Zoho Projects now integrates with Microsoft Intune, enabling enhanced security and enterprise app management. We have now added support for Microsoft Intune Mobile Application Management (MAM) policies through

• Cant't update custom field when custom field is external lookup in Zoho Books

  Hello I use that : po = zoho.books.updateRecord("purchaseorders",XXXX,purchaseorder_id,updateCustomFieldseMap,"el_books_connection"); c_f_Map2 = Map(); c_f_Map2.put("label","EL ORDER ID"); c_f_Map2.put("value",el_order_id); c_f_List.add(c_f_Map2); updateCustomFieldseMap

• Set connection link name from variable in invokeurl

  Hi, guys. How to set in parameter "connection" a variable, instead of a string. connectionLinkName = manager.get('connectionLinkName').toString(); response = invokeurl [ url :"https://www.googleapis.com/calendar/v3/freeBusy" type :POST parameters:requestParams.toString()

• Possible to connect Zoho CRM's Sandbox with Zoho Creator's Sandbox?

  We are making some big changes on our CRM so we are testing it out in CRM's Sandbox. We also have a Zoho Creator app that we need to test. Is it possible to connect Zoho CRM's Sandbox to Zoho Creator's Sandbox so that I can perform those tests?

• I Need Help Verifying Ownership of My Zoho Help Desk on Google Search Console

  I added my Zoho desk portal to Google Search Console, but since i do not have access to the html code of my theme, i could not verify ownership of my portal on Google search console. I want you to help me place the html code given to me from Google search

• Next Page