Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Hotmail is STILL blocking the zoho mail IP

  Greetings, as I already mentioned in my last message, my Zoho IP has been blocked by Hotmail for more than 15 days. Although someone said that the issue was "solved," it still isn't, and this amount of time seems neither normal for a "serious" company,

• Keyboard shortcut M key

  I'm trying to customize my keyboard shortcuts and assign the "m" key. But it says the key is already assigned. I've looked through all my shortcuts and can't see any assigned "m". When I select an email and press the M key, nothing happens. What is the

• Manage customer access across multi-brand help centers

  Hello everyone! Managing customer's access across multiple brands has been streamlined with the ability to invite, reinvite, approve, reject, and deactivate contacts individually for each help center brand . This enhancement gives administrators precise

• White Label certificate

  Hi all, About 72 hours ago, we fulfilled all steps for white labeling (CNAME to point to mail.cs.zohohost.eu), but since then the configuration page is now stuck at "generating certificate" since 3 days. When I execute an NSLOOKUP mail.webfoundry.be it

• Unusual activity detected from this IP. Please try again after some time

  When i try to create new addresses on my account i am getting this error, it has been 24 hours now and i am still getting this error can anyone help

• How to add a new domain in my account?

  Probably zoho has the worst UI in the market. Cannot add a new domain to manage a new email address.

• Report sorting not working

  I make extensive use of Summary reports and Pivot Tables. Most of these reports are structured such that I have several columns of "information" data that I want displayed, followed by one or more "Data" summarizations. For example, I have the following

• New Enhancements in Wizards

  Dear All, Wizards help you break a long form into a series of smaller forms on different screens, making it less overwhelming. We are thrilled to introduce a couple of enhancements to wizards in Zoho CRM: Enhancements for conditional rules in Wizards

• Find and Merge Duplicates to trigger webhook

  My sales team uses the Find and Merge Duplicates feature often to cleanup records in the CRM. We use webhooks to signal to our internal tools database when new Contacts are created, updated, or deleted, in order to keep our DB in sync with Zoho CRM. However,

• Charting the 2025 Voyage: Zoho Invoice's Year in Review

  2025 has been a year of progress, productivity, and purposeful growth for Zoho Invoice. From expanding into new regions to refining everyday workflows, each update was designed to help businesses stay compliant, get paid faster, and work with confidence.

• How to Hide System-DefinedTemplates in Service Report

  Is there any option available to hide system-defined templates? these templates are causing confusion for field users.

• WhatsApp Report in Bigin CRM

  Reporting feature for Bigin CRM’s integrated WhatsApp that provides insights such as: Number of WhatsApp conversations closed Number of messages sent and received Number of conversations replied to Response and closure metrics for WhatsApp chats More

• Issue with Azure DevOps Integration in Zoho Flow

  Hello, All workflows between Zoho Flow and Azure DevOps have stopped working for several days now. Upon further investigation, it seems that the connection to Azure DevOps is no longer directly supported. Indeed, Microsoft has deprecated the Azure DevOps

• Narrative 16: Simplify with workflows

  Behind the scenes of a successful ticketing system: BTS Series Narrative 16: Simplify with workflows What is a workflow? A workflow organizes business tasks in a defined sequence that makes each step clear to all participants. This ensures work is completed

• Zoho Invoice Customer Login Portal

  Are there any plans for a customer portal to Zoho Invoice, ala Freshbooks?  I would like customers that I invoice to be able to login to review invoices and invoice history.  I have not switched from Freshbooks for this very reason.

• Random Leads are being created

  Hi, Every few days I am getting random leads that are being created with no form interactions at all. The email addresses are from obvious spam, such as 'Easymerchantsx'. When I look at the timeline, there is a Visit record and then a Lead Created record,

• Print a price list or price book

  Hi Community. Am I right in concluding that Zoho has no functionality to print a price list from either Zoho CRM, Zoho Inventory or Zoho Books? I won't get stuck on the fact that Zoho doesn't sync price books between Zoho CRM and Books/Inventory (more

• Bar Chart -- sort X-axis

  Hi! I created a bar chart ("Top 10 Products by Revenue") X-axis: Product Name Y-axis: Revenue Filter: Revenue - Top 10 Here's a picture: http://screencast.com/t/ZTJlZTdkNz The x-axis is sorted alphabetically by Product Name. How can I force it to sort numerically by Revenue?

• ZoHo Flow Custom Function not Processing JSON

  JSON is being escaped and converting all the quotes in the JSON to '"' Here's the Code: void InsertRowInE123EligibitySheet(map input) { rawData = get("data",""); decodedData = rawData.htmlDecode(); data = decodedData.toMap(); sheet_id = "ID GOES

• Managing functions

  Can someone let me know if there are any plans to improve the features for managing functions in CRM? I have lots of functions and finding them is hard. The search only works on the function name and the filter only works on function type. I have created

• Zoho FSM - Service Appointment Trouble Adding Field Agent

  Hello, I just started using Zoho FSM and I'm currently adding older work orders from prior Field Service application I use. The work order that im trying to add is from an earlier date, and when I try to add a field agent to a service appointment it does

• 年内最後のユーザー向けイベント：5名限定！ 課題解決型ワークショップイベント Zoho ワークアウト開催のお知らせ (12/18)

  ユーザーの皆さま、こんにちは。コミュニティチームの中野です。 12月開催のZoho ワークアウトについてお知らせします。 今回はZoomにて、オンライン開催します。 参加登録はこちら（無料） https://us02web.zoom.us/meeting/register/QHn6kJAcRs-znJ1l5jk0ww ━━━━━━━━━━━━━━━━━━━━━━━━ Zoho ワークアウトとは？ Zoho ユーザー同士で交流しながら、サービスに関する疑問や不明点の解消を目的とした「Zoho ワークアウト」を開催します。

• How do I get my account id?

  Hello, I followed the instructions to get a list of accounts of the currently authenticated user (which is me, and I am logged in). But when I follow the below instructions I get the following error: ERROR: {"data":{"errorCode":"INVALID_TICKET","moreInfo":"Invalid ticket"},"status":{"code":400,"description":"Invalid Input"}} Instructions that I am following: GET - User account details Purpose The API retrieves the list of accounts of the currently authenticated user.  Request URL  http://mail.zoho.com/api/accounts

• Zoho Quartz Screen Recording

  Hello, can we get access to Quartz, please, as a standalone solution? It would be great for creating training videos for current and future staff on how to use Zoho software according to our company requirements. Thank you

• auto close automated alert tickets which are similar

  Hello ZOHO Community, we are using ZOHO Desk to process automated monitoring alerts. Scenario: Our monitoring system creates a ticket when a threshold is exceeded, e.g. Subject: Computer 1 – CPU usage 100% – Error A few minutes later, once the issue resolves

• Maintain knowledge base integrity by moderating article comments

  Hello everyone, A knowledge base provides a self-service platform where customers can refer to articles, user manuals, and other resources to learn about the company's products or services and troubleshoot problems. Often, readers leave a comment on the

• Making another calendar your default calendar

  I am trying to make another calendar my default calendar when I add events to it. It keep going to a single calendar, I need it to go to my google calendar by default, as this is linked to other services / websites. I cannot find an option to make it

• Option to Delete Chats in IM

  Currently, there is no option to delete any chats in IM, regardless of their source.

• Referencing a cell from another sheet

  My workbook has multiple sheets. Each sheet has some calcluated totals in certain cells. The front master sheet has a list of everything that is detailed on the other sheets, with the totals. These could change at any time, so the totals need to be references to the other cell's value, not a fixed number. So on the master sheet, I put in =, then go the other sheet and choose the cell and hit Enter. In regular Excel, this works. But in the Zoho sheet, it doesn't work. I have to edit the result by

• Group mail for external email addresses

  Hello, I was just wondering if the Group mail feature works with external email addresses - e.g. gmail.com or a completely different domain? it seems only internal addresses (hosted with Zoho) receive the mail. Thanks, Oliver

• The email address you have entered belongs to a different deployment/region.

  Hi, I am trying to create the user - mprust@crombiecomputers.co.uk but keep getting the message below -  The email address you have entered belongs to a different deployment/region. Please contact support@zohoaccounts.com for assistance. Look forward

• Use Zoho Flow Credits for CRM ‘Actions by Zoho Flow’

  Hello Team, We would like to submit a feature request regarding credit usage for “Actions by Zoho Flow” in Zoho CRM. Use Case: We are Zoho One users and actively use Zoho Flow, where our organization has 52,000 Flow tasks per month. In Zoho CRM, we use

• Unusual activity detected from this IP. Please try again after some time.

  Hello Zoho admin and IT team We are a registered website in Eloctronic services and we been trying to add our users to the zoho system but this issue faced us ,, hope you unlocked us please.

• Alert if a field is ticked.

  Hi There, We have two modules named Opportunities (Deals) and End Users (CustomModule1), as per the image below. Within Opportunities, we have a lookup field that looks up from the End Users Module. We are looking to get an alert either via email or another

• Zoho CRM Analytics - Allow To Reorder Dashboards

  I would like to suggest that you add the ability to reorder dashboards in the Analytics Module. I can see that this has been requested some time ago, the latest 9 years ago. I am not sure if this is a big or small endeavor, but such a small fix can go

• Sending a Template to Sign

  hi, trying to send a template to be signed using this as a test: $accessToken = "1000.xxx" $templateId = "1234" $uri = "https://sign.zoho.eu/api/v1/templates/$templateId/createdocument" $payload = @{ templates = @( @{ template_id = $templateId request_name

• Adding Choices in a Sub-Form Dropdown

  Hi, Has anybody tried Adding Choices to a Dropdown in a Zoho Creator Sub-Form programmatically? My Deluge code adds rows to a subform with 2 fields A and B. A - text field. B - dropdown. My Deluge script adds the row and displays A successfully. For the

• Zoho CRM Email Templates 100% Width No Background How?

  Hi, On the Zoho CRM Email Templates in setup > customization > templates > new templates > I choose blank template, but still it puts in a gray background and a max width for the email. I just want to make an email that looks like an email I would send from gmail that has no background or max width. How do you do this? 

• Checking client unsubscribe details

  Hi team, Can you please let me know where we can check if a client has unsubscribed, along with the date and time it was done? If this information is not available at our end, please help confirm the unsubscribe date for the below email ID from the backend:

• Cancel zoho one only want to keep zoho vault

  Hello, I would like to cancel my Zoho One subscription and continue using only Zoho Vault. Please ensure that all existing data in Zoho Vault remains intact and is not removed. This month will be my final month under the Zoho One subscription. Thank

• Next Page