Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Proactive Alert for Existing Open Tickets per Contact / Account

  Hello Zoho Desk Team, Greetings, and hope you’re doing well. We would like to submit a feature request aimed at improving agent awareness and efficiency when handling tickets in Zoho Desk. Use case When an agent opens a ticket (new or existing), it is

• Ticket resolution field - can you add links, video, and images?

  Seems like the ticket resolution fields is just a text field. Any plans to add the ability to add links, images...the same functionality in the problem description box? I would like to send the customer a link to a KB article, a link to our Wiki, embed

• Ticket Resolution - Add rich formatting, screenshots and attachments

  The resolution field only allows plain text at the moment. Many of our resolutions involve posting screenshots as evidence, it would be great for us to be able to have rich text formatting, be able to paste screenshots and add attachments in the solution

• CRUD actions for Resources via API

  Hello, is it possible to perform CRUD actions through the API for Resources? We want to create a sync from Zoho CRM Car record to Bookings resources to create availabilities for Car bookings. For Test drives, not only the sales person needs to be available,

• Kaizen #140 - Integrating Blog feed scraping service into Zoho CRM Dashboard

  Howdy Tech Wizards! Welcome to a fresh week of kaizen. This week, we will look at how to create a dashboard widget that displays the most recent blog post of your preferred products/services, updated daily at a specific time. We will leverage the potential

• Convert Lead Automation Trigger

  Currently, there is only a convert lead action available in workflow rules and blueprints. Also, there is a Convert Lead button available but it doesn't trigger any automations. Once the lead is converted to a Contact/Account the dataset that can be fetched

• I'm getting this error when I try to link an email to a deal inside the Zohomail Zoho CRM extension.

  When I click "Yes, associate," the system displays an "Oops!! Something went wrong" error message. I have attached a screenshot of the issue for reference.

• Zoho Sheet - Desktop App or Offline

  Since Zoho Docs is now available as a desktop app and offline, when is a realistic ETA for Sheet to have the same functionality?I am surprised this was not laucned at the same time as Docs.

• ZOHO add-in issue

  I cannot connect ZOHO from my Outlook. I am getting this error.

• Marketing Automation

  L.S. Marketing Automation is and has always been part of the Zoho One bundle - according to the information provided on the Zoho Website. Why when I open Marketing Automation do I get the following message?: "Your trial has expired. We hope you enjoyed

• What's New in Zoho Analytics - January 2026

  Hello Users! We are starting the year with a strong lineup of updates, marking the beginning of many improvements planned to enhance your analytics experience. Explore the latest improvements built to boost performance, simplify analysis, and help you

• Translation from Chinese (Simplified) to Chinese (Traditional) is not working. It randomly translated. Google Translate accurately but zoho translate is not working at all

  Hi friends, The newly added language for translation. https://www.zoho.com/deluge/help/ai-tasks/translate.html "zh" - Chinese "zh-CN" - Chinese (Simplified) "zh-TW" - Chinese (Traditional) my original text: 郑这钻 (and it is zh-CN) translated traditional

• The Social Playbook - January edition: Getting started with content creation

  Social media isn’t just about posting some random content. It’s about why certain content works, how brands stand out, and what makes people pause mid-scroll. The Social Playbook is a monthly community series where we break all of that down. Through real

• Support for Custom Fonts in Zoho Recruit Career Site and Candidate Portal

  Dear Zoho Recruit Team, I hope you're doing well. We would like to request the ability to use custom fonts in the Zoho Recruit Career Site and Candidate Portal. Currently only the default fonts (Roboto, Lato, and Montserrat) are available. While these

• Adding bank details to the contact through API

  How to add bank-related information to the contact while creating it using API? The account number needs to be encrypted before sending it through API but not sure how to encrypt and get those values. Please guide me in this.

• Font breakage in Zoho Mail Desktop Lite application for Mac

  Dear Zoho Mail and Workplace Community, With the latest update of macOS Sequoia and macOS Tahoe, there has been font breakages in the email preview of Zoho Mail Desktop Lite application for Mac. This breakage is due to the corruption of the System fonts

• Feature request - image resizing on sales orders

  I need to be able to show the items on the sales orders, currently the item image shows really small and no way to resize it, need the ability to make the image larger to showcase the product on the pdfs

• Nueva edición de "Ask The Expert" en Español Zoho Community

  ¡Hola Comunidad! ¿Te gustaría obtener respuestas en directo sobre Zoho CRM, Zoho Desk u otra solución dentro de nuestro paquete de CX (Experiencia del Cliente? Uno de nuestros expertos estará disponible para responder a todas tus preguntas durante nuestra

• Automation Series: Auto-Notify External Users on Issue Closure

  Hello Folks! In Zoho Projects, you can notify external issue reporters via email when an issue is marked as Closed. This helps the users avoid manual follow-ups and keeps the reporter updated. In this post, we’ll walk through a simple setup using a Web

• Turn chat conversations into real action with Integration Blocks in Guided Conversations

  When a Guided Conversation fails, it's usually not because the logic is wrong. They fail because the conversation stops moving. A customer starts a chat with a clear goal: report an issue, check a status, or confirm something. At first, the flow does

• Basic Mass Update deluge schedule not working

  I'm trying to create a schedule that will 'reset' a single field to 0 every morning - so that another schedule can repopulate with the day's calculation. I thought this would be fairly simple but I can't work out why this is failing : 1) I'm based in

• click to call feature

  I've Zoho CRM and in that i want click to call feature.

• Can the Product Image on the Quote Template be enlarged

  Hello, I am editing the Quote Template and added ${Products.Product Image} to the line item and the image comes up but it is very tiny. Is there anyway that you can resize this to be larger? Any help would be great! Thanks

• Creating Parent Child relationship in Accounts

  We have customers with multiple locations, I setup the HQ as an account, then I setup the different sites marking the HQ as the parent to that location. If I then do a Deal for one of the locations, is there a way to show by looking at the parent account

• Learner transcript Challenges.

  Currently i am working on a Learner Transcript app for my employer using Zoho Creator. The app is expected to accept assessment inputs from tutors, go through an approval process and upon call up, displays all assessments associated with a learner in

• Client and Vendor Portal

  Some clients like keeping tabs on the developments and hence would like to be notified of the progress. Continuous updates can be tedious and time-consuming. Zoho Sprints has now introduced a Client and Vendor Portal where you can add client users and

• need a packing list feature

  In our business, goods listed on an invoice are packed in separate boxes and shipped off. for e.g. an invoice may have 10 items. each item could then be packed in different boxes depending on qty of each item. this packing list is as important as the invoice for purposes of shipping documents.  Request you to add this feature asap.

• Recording the deducted TDS on advance received from Customer (Zoho Books India)

  Hi, How can we record the tds that has been deducted by my customer for the advance that he has paid to me. 1) My customer has paid Rs 10000 to me as advance (Rs 9800 as cash and deducted Rs 200 as TDS). I am not able to record the tds that has been deducted

• #7 Tip of the week: Delegating approvals in Zoho People

  With Zoho People, absences need not keep employees waiting with their approval requests. When you are not available at work, you can delegate approvals that come your way to your fellow workmate and let them take care of your approvals temporarily. Learn more!

• Admin Tip: Manage sub-domain emails using sub-domain stripping

  As an admin, you may need separate domains for different departments such as sales, support, and marketing. While this approach offers flexibility, creating and managing multiple domains can quickly become overwhelming, especially since each domain requires

• Quick Copy Column Name

  Please add the ability to quickly copy the name of a column in a Table or Query View. When you right-click the column there should be an option to copy the name, or if you left-click the column and use the Ctrl+C keyboard shortcut it should copy the

• Ability to Edit YouTube Video Title, Description & Thumbnail After Publishing

  Hi Zoho Social Team, How are you? We would like to request an enhancement to Zoho Social that enables users to edit YouTube video details after the video has already been published. Your team confirmed that while Zoho Social currently allows editing the

• How do I remove a data source from Zoho Analytics?

  I am unable to find a delte option on a datasource that i put in the system as an error. On teh web it refers to a setup icon but I do not see that on my interface?

• Add Employee Availability Functionality to Zoho People Shift Module

  Hello Zoho People Product Team, Greetings and hope you are doing well. We would like to submit a feature request to enhance the Zoho People Shift module by adding employee availability management, similar to the functionality available in Zoho Shifts.

• Bigin, more powerful than ever on iOS 26, iPadOS 26, macOS Tahoe, and watchOS 26.

  Hot on the heels of Apple’s latest OS updates, we’ve rolled out several enhancements and features designed to help you get the most from your Apple devices. Enjoy a refined user experience with smoother navigation and a more content-focused Liquid Glass

• Is Desk Down?

  Across department - always an error. [Status Mode] - error [Table View and the rest] - working

• How do I change the wording of the tile of SignForm?

  When my user opens a SignForm url, the title that is presented is always "SignForm signer Information" and a form is displayed asking for the username and email address. This can be confusing to the end user. How can I change the title at least (Or at

• How to link tickets to a Vendor/Vendor Contact (not Customer) for Accounting Department?

  Hi all, We’re configuring our Accounting department to handle tickets from both customers and vendors (our independent contractors). Right now, ticket association seems to be built around linking a ticket to a Customer / Customer Contact, but for vendor-originated

• Automatic Matching from Bank Statements / Feeds

  Is it possible to have transactions from a feed or bank statement automatically match when certain criteria are met? My use case, which is pretty broadly applicable, is e-commerce transactions for merchant services accounts (clearing accounts). In these

• Unify Overlapping Functionalities Across Zoho Products

  Hi Zoho One Team, We would like to raise a concern about the current overlap of core functionalities across various Zoho applications. While Zoho offers a rich suite of tools, many applications include similar or identical features—such as shift management,

• Next Page