Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• ZOHO FORMにURL表示ができない

  初心者です。 ZOHO FORM で宿泊者名簿を作っています。 ゲストが、URLをクリックするとStripeで支払いができるようにURLを表示をしたいのですが、 上手くできません。 やり方が分かる方、ぜひ教えてください。

• Custom module - change from autonumber to name

  I fear I know the answer to this already, but thought I'd ask the question. I created a custom module and instead of having a name as being the primary field, I changed it to an auto-number. I didn't realise that all searches would only show this reference.

• No Automatic Spacing on the Notebook App?

  When I'm adding to notes on the app, I have to add spaces between words myself, rather than it automatically doing it. All my other apps add spacing, so it must be something with Zoho. Is there a setting I need to change, or something else I can do so

• Holidays - Cannot Enter Two Holidays on Same Day

  I have a fairly common setup, where part-time employees receive 1/2 day's pay on a holiday and full-time employees receive a full day's pay. Historically, I've been able to accommodate this by entering two separate holidays, one that covers full-time

• Zoho Bookings and Survey Integration through Flow

  I am trying to set up flows where once an appointment is marked as completed in Zoho Bookings, the applicable survey form would be sent to the customer. Problem is, I cannot customise flows wherein if Consultation A is completed, Survey Form A would be

• Campaigns set up and execution assistance

  Hello Community, Can someone recommend a professional who can assist with the completion of my set up and deployment of Campaigns? Looking for a person or company that is not going to ask for big dollars up-front without a guarantee of performance to

• Zobot with Plugs

  Hello, I am having a problem with Zobot using Plugs. Here is my current flow: When I run the flow, I should immediately see the messages from the initial cards (Send Message cards), then after running the plug, and finally, see the messages after the

• Kaizen #223 - File Manager in CRM Widget Using ZRC Methods

  Hello, CRM Wizards! Here is what we are improving this week with Kaizen. we will explore the new ZRC (Zoho Request Client) introduced in Widget SDK v1.5, and learn how to use it to build a Related List Widget that integrates with Zoho WorkDrive. It helps

• Remove Powered by Zoho at the footer

  Hi, I've read two past tickets regarding this but it seems that the instructions given are outdated. I assume the layout keeps on changing, which makes it frustrating for me to search high and low. Please let me know how exactly do I do this now? Th

• Error AS101 when adding new email alias

  Hi, I am trying to add apple@(mydomain).com The error AS101 is shown while I try to add the alias.

• No Need To Fix Something That Is Working

  Zoho Books is a great financial tool which helps businesses to become more efficient and productive with day-to-day operations. As such, every change, upgrade, improvement needs to be carefully thought before implemented in the software and I'm sure Zoho

• Using email "importance" as workflow-criteria

  I'd like to set up a workflow that triggers if an incoming email has been flagged as "high importance" but I'm not seeing any way to do that. Hopefully I'm just missing something obvious...?

• This domain is not allowed to add. Please contact support-as@zohocorp.com for further details

  I am trying to setup the free version of Zoho Mail. When I tried to add my domain, theselfreunion.com I got the error message that is the subject of this Topic. I've read your other community forum topics, and this is NOT a free domain. So what is the

• What is Resolution Time in Business Hours

  HI, What is the formula used to find the total time spent by an agent on a particular ticket? How is Resolution Time in Business Hours calculated in Zohodesk? As we need to find out the time spent on the ticket's solution by an agent we seek your assistance

• Check & Unchecked Task Segregation in Export

  It must have a feature to represent checked and unchecked tasks as [ ] and [✅] respectively when exporting it to Arratai or WhatsApp ; as Keep Notes by Google contains…

• WorkDrive Download Issue

  My client has been sending me files via WorkDrive, which generally has worked fine. Recently files won't download at all. If you try and individually select and download a file, a popup will appear in the bottom right saying it's preparing and then it

• Resolution Time Report

  From data to decisions: A deep dive into ticketing system reports What are time-based reports? Time-based reports are valuable tools that help us understand how well things are going by breaking down key metrics over specific periods. By tracking, measuring,

• Support Custom Background in Zoho Cliq Video Calls and Meetings

  Hello Zoho Cliq Team, We hope you are doing well. We would like to request an enhancement to the video background capabilities in Zoho Cliq, specifically the ability to upload and use custom backgrounds. Current Limitation At present, Zoho Cliq allows

• Add RTL (Right-to-Left) Text Direction Button in Zoho Cliq

  Greetings Zoho Team, We would like to request the addition of an RTL (Right-to-Left) text direction button in Zoho Cliq, similar to what is already available in other Zoho apps like Zoho Desk. Currently, while using Zoho Cliq with the English interface,

• Enable Backgrounds and Video Filters for 1:1 Cliq Calls Across All Zoho Entry

  Hello Zoho Cliq Team, We hope you are doing well. We would like to request an enhancement related specifically to 1:1 video calls in Zoho Cliq. Current Behavior Zoho Cliq currently provides background and video filter options in the following scenarios:

• Zoho Flow: Stripe a Zoho Marketing Automation

  Hola! Quiero hacer un flujo con Zoho Flow, para que cuando se haga un pago en Stripe, añada el lead en Zoho Marketing Automation. Lo he configurado, configurando el disparador como "Payment created" y mapeando el campo de Stripe "Receipt email address".

• Need Customer Item Inward Module along with QC

  Need Customer Item Inward Module along with QC 1. Using Transfer Orders hit the item balance sheet 2. Items without inventory it becomes difficult for tracking purpose. 3. Custom Modules become tedious to capture multiple items, item subforms are not

• LESS_THAN_MIN_OCCURANCE - code 2945

  Hi I'm trying to post a customer record to creator API and getting this error message. So cryptic. Can someone please help? Thanks Varun

• Zoho email

  I need a list of email addresses of all contacts on my zoho

• Shift-Centric View for Assigning and Managing Shifts in Zoho People

  Hello Zoho People Product Team, Greetings and hope you are doing well. This feature request is related to Zoho People - please don't move it to zoho one! We would like to submit a feature request regarding the shift assignment and management view in Zoho

• Introducing parent-child ticketing in Zoho Desk [Early access]

  Hello Zoho Desk users! We have introduced the parent-child ticketing system to help customer service teams ensure efficient resolution of issues involving multiple, related tickets. You can now combine repetitive and interconnected tickets into parent-child

• cant upload images in signature- urgent help needed. ta!

  HI, I have been trying to insert the company logo in the signature. i have tried it several times since yesterday, the longest I waited was 1 hour and 12 minutes for the pop up window to upload a 180 KB .jpg file. what am i doing wrong.. an urgent reply

• Add Ticket button in Home view

  When I go to the My Tickets or the Knowledge Base view in our Help Centre, the Add Ticket button is available, but not in the Home view. I would really like for it to be displayed in the Home view as well. Is this possible? Thanks.

• Problem using Zoho Desk API

  Goodmorning, I am trying to use the Zoho Desk API to create a dashboard in Grafana, but I am having a problem. Following the instructions in the API documentation, I created the API Console application (server-based application). Then I created the string

• Add zoho calendar to google calendar

  Hi I keep seeing instructions on how to sync Zoho CRM calendar with google calendar but no instructions on how to view Zoho calendar in my google calendar.

• How to print a label from zoho creator app?

  Hello, I would like to print a label from zoho creator app record similar to attached one. Size 74mm x 102mm. I tried record template. It leaves plenty of space around the content and also I couldn't set the height of the page. So it is not printing properly. Could someone please direct me to right direction for this requirement?

• City field suggestion in Zoho Books

  Hi team, We are using Customers module in Zoho Books. In the Address section, we want to understand whether the City field can show suggestions while typing using any API or built-in feature. For example, if a user types “Mum”, can the system suggest

• Non-responsive views in Mobile Browser (iPad)

  Has anyone noticed that the creator applications when viewed in a mobile browser (iPad) lost its responsiveness? It now appears very small font size and need to zoom into to read contents. Obviously this make use by field staff quite difficult. This is not at all a good move, as lots of my users are depending on accessing the app in mobile devices (iPads), and very challenging and frustrating. 

• How can I check all announce?

  Hiii, May I ask how can I check all the announce based on broadcast date instead of reply date based So that I will not will miss out any new function

• What are the create bill API line item requiered fields

  While the following documentation says that the line items array is requiered it doesn't say what if any files are requiered in the array. Does anyone know? API documentation: https://www.zoho.com/inventory/api/v1/bills/#create-a-bill I'm trying to add

• This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details

  Hello, Just signed up to ZOHO on a friend's recommendation. Got the TXT part (verified my domain), but whenever I try to add ANY user, I get the error: This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details I have emailed as well and writing here as well because when I searched, I saw many people faced the same issue and instead of email, they got a faster response here. My domain is: raisingreaderspk . com Hope this can be resolved.  Thank you

• Cannot connect to imap.zoho.eu on iOS26

  Hey, I recently migrated to another iPhone and since then use iOS26. Every since then, I was not able to connect to "imap.zoho.eu" from Apple Mail. I tried deleting the account and adding it again, did not work. I tried creating an app password, didn't

• Personalize your booking pages with Custom CSS

  Greetings from the Zoho Bookings team! We’re introducing Custom CSS for Zoho Bookings, designed to give you complete control over the look and feel of your booking pages. With this new feature, you can upload your own CSS file to customize colors, fonts,

• Marketer's Space: Plan smarter with Zoho Campaigns' Calendar

  Hello Marketers, Welcome to another post! Today, we'll talk about a discreet yet significant feature that's neatly tucked inside Zoho Campaigns: the calendar. It might look like an optional but somewhat unnecessary feature that you can use occasionally,

• User

  If user is already part of manage engine endpoint central , what hapens when i try to add them to another Zoho org / directory? Are these users added as external users?

• Next Page