Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Record Overseas Transactions Along with CC charges

  Hi All, We receive payments via stripe in multiple currencies and stripe takes around 2.5% fees. The amount is settled in INR into our local bank. What should be the currency of the income account used for Stripe payments? Here is a sample flow that we

• Easier onboarding for new users with stage descriptions

  Greetings, I hope all of you are doing well. We're happy to announce a recent enhancement we've made to Bigin. You can now add descriptions to the stages in your pipeline. Previously, when creating a pipeline, you could only add stages. With this update,

• Pieds de page personnalisé - Document Zoho Writer

  Bonjour à tous, Je rencontre un souci avec l’ajout d’un pied de page personnalisé dans un document Zoho Writer. Je souhaite insérer les informations de mon entreprise (notamment un logo + adresse) dans le pied de page. Le problème, c’est que lorsque j’ajoute

• Credit card transactions are backwards after importing statements

  I am new to Zoho Books so I'm importing my firm's bank and credit card statements in. My credit card statements have a single column with negative numbers so that is the option I chose. But when I went to categorize the credit card transactions, I can

• Permissions on Views

  Having the option of any agent creating custom views is firing back and got a situation where there are a hundred different views across the team and tickets are not being dealt in the most efficient of ways. Tickets seems to be missed by some agents,

• Function #8: Add additional charges to invoices

  Here goes one of the highly sought-after custom functions in Zoho Books. If you find yourself needing to apply additional charges to customers on their invoices (say credit card surcharges, or fuel charges applicable to customers from a certain region,

• VIsual maindmaps in Zoho notebook Ai

  Can I create and export VIsual maindmaps in Zoho notebook Ai

• 1stDibs Integration to Zoho Inventory

  Hello is it possible to integrate my Zoho inventory and 1stDibs?

• Community Question: Renewal vs Invoicing

  This is a question for the community. Does anyone else consider there to be a difference between a subscription renewal event and sending out a recurring invoice for a subscription? For example, let's say customer XYZ purchases a 1-year subscription to

• cloud console support for music websites

  Hi Friends, I am not from a very technical background.. So need support from the Zoho family. I want to build a e-commerce website which is in Musical Niche. It will help people learn music & play instruments of all types. There are a few players in the market like Chordify , Guitaa, Guitar Dashboard, ChordU & few others. But I all these websites allow only a few instruments  to play. So I want to build a better  website than the one I mentioned. So wnated to know what UI & AI should I use so that

• Scheduled Reports - Do not send empty report

  Hello, We are intensively using reports in the CRM, especially for sales managers. When data is empty, they still receive an email. Can you add an option to avoid sending the report when data is empty?

• Is Zoho One Desktop more secure than Zoho One Web SaaS?

  Is Zoho One Desktop more secure than using Zoho One in browser? Inherently, it seems desktop would be unless you don't do things like share your pw or leave pc on. I am concerned about data being on the cloud or someone else's server and database.

• Reminder Settings - Time Tracker

  On the time tracker in Reminder Settings I created a reminder according to the Zoho manual. But a manager asked me to change the message that goes in the email. Is it possible to change the message? I didn't find that in the Zoho manual. Another question: I configured to receive the reminder everyone who logged in less than 40 hours. Does Zoho consider less than 40 hours of the current week or the whole month? Another situation, I put it so that I and another specific user would receive the notification,

• Create Item group from a composite Item

  I have applied my mind for hours but cannot figure this out. Can you have a composite item in an item group?. E.g. We bundle different color and size SKU's together as composite items. Also Using composite items as Bill of Materials. We want to create

• Main difference of Zoho Recruit Corporte version and Staffing HR vesion

  Hi Zoho, I need help to fully understand what is the main key point differences of Recruit Corporate version versus the Staffing HR version? We are currently using Corporate HR version and we are looking on having an insightful automated reporting, does

• Out of Stock items showing in Commerce

  I have over 6000 items and most are not in stock, but all items are showing up in Commerce whether they are inventory or not. What option or feature can you use to hide items in Commerce at zero or negative quantities? I currently am using Commerce for

• Is it possible to transfer data from one related list to another within the same module ?

  In the Leads module, there is an existing default Product related list that already contains data. Recently, I added a custom multi-lookup field, which created a new related list in the same Leads module. Now, I need to move the existing data from the

• How to implement new online payment gateway?

  Hello, Can you tell me how to proceed to implement my local payment gateway? DIBS has an open avaiable API that should be easy to implement into ZOHO BOOKS. http://tech.dibspayment.com/dibs_payment_window

• Formula working in MS Excel , is not working in Zoho Sheets, Filter fuction which is working in MS sheets per the attached workbook / Daily update.

  Filter function , which is working in MS Excel is not working in Zoho sheets. Please help on function of filter of particular class sheets and extract students name who has more than 3.5 hours of study hours on particular day depending on date in D7 cell.

• New in Smart Prompt: Record Assistant for contextual assistance, and support for new AI models

  Smart Prompt helps teams stay informed and move faster by providing relevant suggestions where work happens in CRM. With this update, Smart Prompt becomes more adaptable to your organization’s AI preferences. You can now choose which Large Language Model

• Improved Integration Failure Information (And Notification Options)

  Hi, When an attachment service for example fails, you just get "Field x - Error", I can check the field it is failing on and find nothing wrong, same file size, type, dimensions, etc. so more information as to the actual issue would be helpful. And an

• Change User Role in a Form

  Hi, When in a form, it would be good (And consistent) to be able to change the user role/permission like you can with Shared Reports, All Entries or the actual User itself, rather than having to delete the users permission and then add it back again with

• Reassign Partially Saved Entries

  Hi, I would like to be able to go to Partially Saved Entries and like the option to delete them I would like the option to multi-select and be able to reassign them to another user to complete (Such as when a user has left the company). Thanks Dan

• Increase the "Maximum Saved Entries per User" Options Limit

  Hi, You can create lots of saved entries, yet the Limit when you apply one is 25, we may often expect 32 to be in draft, and therefore want to enforce that, can we increase the limit of this field from 25 to 100 (As you can just turn it off and have more

• Product Updates in Zoho Workplace applications | December 2025

  Hello Workplace Community, Let’s take a look at the new features and enhancements that went live across all Workplace applications this December. Zoho Mail Block emails without notifying the sender Block emails without sending a rejection notification

• Zoho CRM for Gmail Extension Not Working in Brave Browser?

  Is anyone able to get the Zoho CRM Chrome Extension working in the Brave browser? They're both built on the Chromium platform and every other Chrome Extension works with the exception of Zoho CRM for Gmail so any ideas here?

• Set Frozen Cells in the Report Settings

  Hi, It would be nice to be able to set the frozen cells in the report Settings, and have an option if this is fixed or can be changed after loading (On the next load it still goes back to the Settings). Thanks Dan

• Microsoft Teams now available as an online meeting provider

  Hello everyone, We're pleased to announce that Zoho CRM now supports Microsoft Teams as an online meeting provider—alongside the other providers already available. Admins can enable Microsoft Teams directly from the Preferences tab under the Meetings

• Tip of the week #26: Import/ Export calendars in Zoho Calendar.

  Any calendar on the web or calendars that you create in any other calendar application can be imported in to Zoho Calendar. This will help you to add the events from the calendars that you import to your Zoho Calendar. You also have the option to export

• Add Zoho Forms to Zoho CRM Plus bundle

  Great Zoho apps like CRM and Desk have very limited form builders when it comes to form and field rules, design, integration and deployment options. Many of my clients who use Zoho CRM Plus often hit limitations with the built in forms in CRM or Desk and are then disappointed to hear that they have to additionally pay for Zoho Forms to get all these great forms functionalities. Please consider adding Zoho Forms in the Zoho CRM Plus bundle. Best regards, Mladen Svraka Zoho Certified Consultant and

• Social icons, open in new tab?

  Hello, I have two social icons on my footer, Facebook and Psychology Today. Clicking on the Facebook icon opens a new tab, the Psychology Today icon does not. I would like them both to open a new tab. Am I missing a setting somewhere?

• Real-Time Screen Annotation During Zoho Cliq Screen Sharing

  Hi Zoho Support Team, Hope you're doing well. We’d like to request the addition of real-time screen annotation tools during screen sharing sessions in Zoho Cliq video calls. 🔍 What We're Looking For: The ability for the presenter—and optionally, other

• Autofill address using smart fields mapped over the pdf document

  Hi, I'm using mail merge to map smart fields onto PDF documents I plan to distribute for signing. I already have a Zoho Sign subscription. When mapping smart fields from the Employee form, I only see the permanent and current addresses which include the

• How do I cap employee leave accrual

  HI there, How do I cap an employee's leave accrual? The policy is that you accrue 15 days leave annually (1.25 days a month) and once you reach 15 days, you wont accrue more until you take leave. Thank you!

• Open sub form from a button as a popup form

  Is there a way within a form to use similar code as below to show a button in the form when clicked opens the subform for data to be added to the record being viewed in the form OpenUrl("#Form:<Customer_Delivery_Address>?<Delivery_Address>=" + input.ID,"popup

• Dont have backup option in setting

  Hi guys. I started using zoho book a week ago. I bought premium package yet I don't have backup option in setting. I hope anyone can help me find a solution. Thanks in advance

• Making Tags Mandatory

  When creating an expense, is it possible to make the Tags field mandatory?  I see the option in settings to make other fields mandatory, like Merchant, Description, Customer, etc, but nothing about Tags. Thanks! Kevin

• Is there a plan to integrate zoho voice with zoho books?

  Hello, Is there a plan to integrate zoho voice with zoho books? Right now we are using the Twilio SMS integration into zoho books, but have recently decided to switch to zoho voice for calls and sms. Is there a plan to integrate zoho voice natively into

• Pass variables to Zoho Desk via URL to create a fast new ticket landing page

  We are integrating our phone system into Zoho Desk. Currently when a helpdesk agent answers the phone, a soft client opens a new tab with zoho desk at the new case page. https://desk.zoho.com/support/companyname/ShowHomePage.do#Cases/new We would like

• Zoho Books Extension: What Happens If Custom Fields Already Exist?

  When developing Zoho Books extensions, what happens if the target Zoho Books organization already has a custom field with the same API name as one defined in the extension? I’m asking because we originally created an on-Books version of this functionality,

• Next Page