Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Is it possible to setup bin locations WITHOUT mandating batch tracking?

  Hi fellow zoho users, I'm wondering if anyone else has a similar issue to me? I only have some products batch tracked (items with shelf life expiry dates) but I am trying to setup bin locations for my entire inventory so we can do stock counting easier.

• Implementing Inventory Process

  I am just starting to create an inventory system through Zoho for a nonprofit. We receive in-kind donations of items for kids, and utilize them in 2 or 3 different programs. Then families come in and take the items. I'm thinking of this structure: Our

• Best way to start zoho inventory with bulk openning stock

  We are already using zoho book since long time for cars trading company. Now to streamline more, would like to import the excel data of closing stock of inventory to zoho inventory and to start on. Since we need to track each VIN (unique vehicle id number)

• Service Reports.

  Hello Team, I have a requirement to create multiple service reports for a single AP. That means, in one AP I have 5 service line items, and all line items are linked to assets. Once I complete the AP, I want to generate 5 individual service reports, one

• Blueprint enhancements - Parallel and multiple transitions, and more

  Last modified on Sep 4, 2023: All Zoho CRM users can now access these enhancements. Initially, these features were available only on an early access basis and by request. However, as of August 2, 2023, they have been made available to all users in all

• Item Bulk Edit - Allow for Reorder Level

  We're implementing a process for using the Reorder Level field for Items, and I have to go through and add this value to a huge chunk of our Items. It's driving me bonkers that I have to do this individually through the UI rather than bulk updating. It

• Zoho CRM || Unable to Bulk Assignment of Territories for Contacts

  Dear Zoho CRM Support Team, I hope this email finds you well. We recently performed a bulk upload of Contacts into Zoho CRM using the official sample Excel template downloaded from the CRM. The upload itself was completed successfully; however, we encountered

• What's New in Zoho Inventory | August – October 2025

  Hello customers, The last quarter has been incredibly productive! We've released a powerful slate of new features and enhancements in Zoho Inventory designed to give you better control, greater efficiency, and expanded functionality across your inventory

• Disable Zoho Inventory Tracking / Delink Zoho Books & Inventory

  We have integrated zoho inventory with zoho books? Now after a long time, we want to disable inventory tracking and delink these 2 modules. Zoho says we cant do it. Anybody else going thru the same ? Any possibility at all? Why does zoho not allow to

• Tracking Non-Inventory Items

  We have several business locations and currently use zoho inventory to track retail items (sales and purchase orders). We were hoping to use zoho inventory to track our non-inventory items as well (toilet paper, paper towels, etc). I understand that we

• Price Managment

  I have been in discussions with Zoho for some time and not getting what I need. Maybe someone can help explain the logic behind this for me as I fail to understand. When creating an item, you input a sales rate and purchase rate. These rates are just

• Set Warehouse based on Vendor

  Greetings. I would like to set automaticaly the Warehouse based on the Vendor. Context: I am working on an adaptation of a Purchase Order to be used as a Quotation. I have defined that when a user has to raise a quote the Vendor will be "PROCUREMENT" I would like to set the Warehouse to a predefined value when "PROCUREMENT" is set as Vendor. I have tried to do with the Automation feature using the Field Update option, but Warehouse does not is listed as a field. Can you help? Thanks in advance.

• Auto tagging

  Some of the articles I enter into Notebook get there when I enter them in Raindrop.io and IFTTT copies the articles in Notebook. When this happens the notes are tagged but instead of useful one word tags with topic the tag pertains to the specific article

• How do I save audio files to my PC that I record into Zoho Notebook from my phone?

  I was thinking of using Zoho Notebook as a way to store composition ideas, as well as for other things if it can handle this. For this to be useful for me though, I need to be able to have an easy way to download those audio files to my PC, either individually

• Search mails in shared mailbox

  Hi everyone, is there a way to search mails in shared mailbox's? Search in streams or mail doesn't return anything from mails in shared mailboxes. Thanks! Rafal

• Kaizen #186 : Client Script Support for Subforms

  Hello everyone! Welcome back to another exciting Kaizen post on Client Script! In this edition, we’re taking a closer look at Client Script Support for Subforms with the help of the following scenario. " Zylker, a manufacturing company, uses the "Orders"

• Writing SQL Queries - After Comma Auto Suggesting Column

  When writing SQL Queries, does anyone else get super annoyed that after you type a comma and try to return to a new line it is automatically suggest a new column, so hitting return just inputs this suggested column instead of going to a new line? Anyone

• Convert invoice from zoho to xml with all details

  How to convert an Invoice to XML format with all details

• Sync your Products Module for better context.

  In customer support, context is everything. The integration between Zoho Desk and Zoho CRM helps your sales and support teams function as one, delivering better customer experiences. With the latest update to this integration, you can now sync the Product module in your Zoho CRM with your Zoho Desk portal. This feature enables products from Zoho CRM to reflect in the "product" field in Zoho Desk. This can save your support team valuable time and effort.    Some things to note when syncing the two:

• Where is the desktop app for Zoho Projects???

  As a project manager, I need a desktop app for the projects I manage. Yes, there's the web app, which is AWESOME for cross browser and platform compatibility... but I need a real desktop app for Projects that allow me to enter offline information where

• CRM verify details pop-up

  Was there a UI change recently that involves the Verify Details pop-up when changing the Stage of a Deal to certain things? I can't for the life of me find a workflow or function, blueprint, validation rule, layout rule ect that would randomly make it

• Does Zoho Writer have Dropdowns

  I want to add a drop down field in Zoho writer. Is this possible?

• Multiple header in the quote table???

  Hello, Is it possible in Zoho CRM to add multiple headers or sections within the Quote product table, so that when the quote is printed it shows separate sections (for example “Products” and “Services”)? To clarify, I’m asking because: This does not appear

• openUrl in blueprints

  My customer wants to open a URL at the end of a blueprint transition. Seems this isn't possible right now but it would be very useful. In this thread, https://help.zoho.com/portal/en/community/topic/openurl-not-working the Zoho agent said that it's logically

• Dropshipping Address - Does Not Show on Invoice Correctly

  When a dropshipping address is used for a customer, the correct ship-to address does not seem to show on the Invoice. It shows correctly on the Sales Order, Shipment Order, and Package, just not the Invoice. This is a problem, because the company being

• Prepayment of a sales order

  How does everyone handle this common (at least it is common for us!) situation? We require all our orders to be fully prepaid before shipment since we manufacture made to order, custom products. Since ZOHO does not allow a sales order to be prepaid, we are forced to create an invoice at the time an order is placed to allow the customer to pay it. Our sales category is therefore skewed, since the sale was actually booked at the time an order was placed, rather then at the time it is shipped, which

• Access to Specific Zoho Desk layout for external parties

  Hi, We have a partner who handles for us sales requests from specific markets. He is not a Zoho Desk user. But we want him to b part of a specific Zoho Desk layout to handle inquiries.  How to achieve it in the easiest way possible?

• Deposit on a Sales Order

  Good day, 100% of my business is preorders, no inventory. I am trying to run away from QB for one of my businesses, but I require two options that I don't seem to find with Zoho Books. 1 - If there is a way to apply a deposit on a sales order, as with

• How Does Knowledge Base Search and Article Recommendation Work?

  Hello, I would like to understand how the Knowledge Base search engine works. Specifically, does it search based on: The article title only? The full article content? Both, the article and the content? Keywords? Tags? Also, how does the system determine

• Bulk Delete Attachments

  Is there a way to bulk delete attachments on the form entries? our storage is full and deleting files one by one is pain taking process.

• How do I sync multiple Google calendars?

  I'm brand new to Zoho and I figured out how to sync my business Google calendar but I would also like to sync my personal Google calendar. How can I do this so that, at the very least, when I have personal engagements like doctor's appointments, I can

• Ability to Disable System Banner Messages in Chat Flow Control

  Dear Zoho SalesIQ Team, Greetings, We would like to request an enhancement related to the system banner messages in Zoho SalesIQ chat flow control. Current Behavior: SalesIQ allows configuring various automatic banner/system messages such as: Waiting

• Idle Chat Reminders for Agent-Handled Conversations

  Dear Zoho SalesIQ Team, Greetings, We would like to request an enhancement to the Idle Chat Handling functionality in Zoho SalesIQ—specifically for chats that are handled by human agents after a bot-to-agent transfer. Current Behavior: In Zobot settings,

• Snapchat

  Are there any plans to add Snapchat to Zoho Social or is there any API that we can use to integrate into Zoho.

• Zoho Sign "An unexpected error occured" when clients trying to sign documents

  We are unable to have clients sign our documents. When attempting to complete the process an error appears saying "an unexpected error occured" and in the document history just shows "signing failure." We are at a complete standstill with no response

• ¡Vuelven los Workshops Certificados de Zoho a España!

  ¡Hola usuarios de Español Zoho Community! Hace ya unos días que hemos dado la bienvenida al 2026, y promete ser un año de lo más emocionante. Y es que nos gustaría haceros nuestro particular regalo de Reyes, aunque lleguemos un poco tarde. 🎁 ¡Nos gustaría

• Cancel Subscription

  Hi , Im want to cancel my account but without success please help me to do it

• How to list services on quote instead of products

  I need to create a customer facing estimate that displays our services. The default quote layout only allows products to be listed. Is there a way to correct this?

• Making an email campaign into a Template

  I used a Zoho Campaign Template to create an email. Now I want to use this email and make it a new template, but this seems to be not possible. Am I missing something?

• Syncing calendar with Google Calendar doesn't work when events are sent to auto repeat

  Hi... The ZOHO CRM -- GOOGLE CALENDAR sync is broken. If I create a single event on either side, sync works, but if I create an event with auto repeat on either side it doesn't work. Furthermore, events created before the sync don't show up in the calendar.

• Next Page