Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Adding Taxes to paid consultations in Zoho Bookings

  I created a 'paid' consultation under Zoho Booking and integrated it with payment gateways for online/instant payment before a booking is done. How can I add 'taxes' to the price of consultation? I can add taxes to other Zoho apps (liks Books, Checkout,

• Zoho CRM Reports Module on Mobil App

  I have the mobile app and the reports module doesn't appear in the sidebar for some reason. I saw a Youtube video where the user had the Reports module on mobile. Is there a setting to show it on mobile? Thanks.

• Inquiry on Help Centre Tab Customisation

  Hi Zoho team, I’m wondering if it’s possible to further customise the Help Center tabs, specifically the descriptions under Knowledge Base, Community, and Tickets. While the current setup allows customising tab names, being able to tailor the descriptions

• Passing a form object to a function

  Suppose I have a sort_order field in multiple tables and I want to increment it by +1 onCreate of a new record. Is there a way to pass the form object as an argument into the function to keep things DRY? The following function from Zia works, but I'd

• Can you copy and paste a page within a form?

  I have been looking at trying to copy/duplicate a whole page within a form. I can't see how I can do this without having to add all the data in again. This is very time consuming. Any help would be great.

• Unable to sort as Descending order

  Trying to change the sort order for a lookup field (checkboxes) from Ascending to Descending and keep getting an error in Deluge that the order must be Ascending Did anyone ran into this? Thanks Eyal

• How do I copy an email message to one or more other folders?

  I can move a message to another folder using the "move to" option but I can't figure out how to copy a message. 

• New feature request: Allow copy of email message to another folder

  Hello Zoho team, This is a suggested new feature to allow copy an email message to either another folder or the same folder. Within the same Zoho account. This is not a support request about "label". This is a suggested new feature to allow copies of

• Creator Simplified #11: Create a custom button to download files

  Hey there! This time, let's see how to create custom buttons to download the files uploaded in the file upload field. Sample use-case A training app has a module that provides the materials for all the available courses. Students can click on the corresponding

• Hide horizontal lines at bottom of form

  Hi I have a page with 3 forms embedded in html snippets. On each of the forms I can hide the submit button easily but I am left with the horizontal lines that bound that section and I cannot figure out to remove them (see below for the two sets of horizontal

• Autosaving of Form Field

  HI can anyone suggest a way of autosaving or simulating an autosave function for a specific field in a form. The story is as follows. I have a bunch of technicians who write notes on how they do a repair. Sometimes they write for a couple of hours the troubleshooting process. If they click incorrectly, press ESC, Cancel or the browser crashes the information is lost which can be heartbreaking so my guys use notepad and then copy the information in. The only way around this is to click submit on the

• Ask the Experts 26: Brighten every customer interaction with Zoho Desk all year long

  Hello everyone, Greetings and welcome to Ask the Experts 26. As we wrap up 2025, we are excited to invite you to the 26th episode of our Ask the Expert series. 🎄The Merry Metrics Edition = Best of Zoho Desk [Best Practices + Holiday Automation + Year-End

• Pricing calculator

  Alright, so I'm trying to create a pricing calculator/pricing report generator to use in a cabinet shop. I did all the logic and such, and the calculator works. I have a few other things that I would need it to be able to do though, I'll do my best to

• Bug Details

  In the Bug detail the milestoneid is missing

• Is there a way to make a button scroll down?

  Looking to have a button on a landing page scroll down to another section on the page. Any recomendations outside of coding?

• Stop completed task lists from disappearing?

  Is there any way to stop projects from making tasks lists disappear when all the tasks in the list are completed? That's one of those little things where we're constantly fighting the product. For instance we have some projects which are ongoing - no start and end date. We use Kanban view to show the various task lists. We don't want the kanban list to disappear every time the items on it happen to be closed out. Thanks

• Allow customers to choose meeting venue and meeting duration on booking page

  My business primarily involves one-to-one meetings with my clients. Given the hybrid-work world we now find ourselves in, these meetings can take several forms (which I think of as the meeting "venue"): In-person Zoom Phone call I currently handle these

• Booking outside of scheduled availability

  Is there a way for staff (such as the secretary) to book appointments outside of the scheduled availability? Right now to do this special hours must be set each time. There should be a quicker way. Am I missing something?

• Operation Questions.

  Hello, I hope you are well. To explain a little, we are a company that sells services and products with a technical team responsible for installation and maintenance. Zoho FSM can be useful for the technical team, namely for the technical coordinator

• Update date & time when a cell is edited

  Hi All, I am desiring to have a cell update with the current date and time when another cell is edited. Any ideas?  Thank you

• Add "Groups" to "Share With" on Reports & All Entries

  Hi, On Forms we can share Publicly, with Specific Users And/Or Specific Groups or All Users. With Reports and All Entries we lack the "Groups" option, please add this as with many users this saves a lot of work. Thanks Dan

• Add Pause / Resume Option to Zoho Quartz Recordings

  Hi Zoho Team, We would like to request an enhancement to Zoho Quartz recordings: the ability to pause and resume an ongoing recording. Current Limitation: At the moment, when recording an issue with Zoho Quartz, the recording continues even when we are

• Custom Fields Not Showing Up in Invoice PDF Template Document Information

  I have added 2 custom fields under Sales > Invoices > Manage Custom Fields. They are set to show in all PDFs. However when I am editing my Invoice PDF template, i do not see the custom fields under Document Information.

• ZOHO Books

  Hi there, Why after I upgrade my Zoho invoice > Books then i wanted to add plugin which i cannot do. Please advise.

• How is Your eCommerce Experience w/Zoho Inventory?

  First off, I'm SUPER grateful for the advent of Zoho Inventory and now the Zoho Commerce Suite. Overall, Inventory is a great product, especially for customers without an eCommerce presence. For eCommerce companies (especially those shipping more than ~10 packages/day), however, there are certain drawbacks that keep my clients from moving over to Zoho Inventory: Cons: 1. Invoice + Package Creation from Shopify/Other eCommerce Integrations: Zoho Inventory makes the somewhat perplexing decision to

• Simplify Mass Replies with Predefined Templates and Snippets

  Hello everyone, We are happy to introduce a new enhancement to Mass Reply that helps agents respond to customers quickly and consistently. With the addition of Email Templates and Snippets in the reply window, agents can use predefined messages while

• Mapping custom fields from one module to another

  I have a custom field, "Subscription Period" that appears as a required field in every Opportunity (Potential). I want that field to appear on any Quotes derived from that Opportunity (and have created a custom field of the same name in Quotes for that

• The Social Wall: November 2025

  We’re nearing the end of the year, and the holiday season is officially kicking in! It’s that time when sales peak and your social media game needs to be stronger than ever. We’re back with exciting new updates across AI, analytics, and the mobile app

• How to update Multi File upload field

  Assume that i have a multi file upload field,how can i update the same field again?

• Customer Address Not on Standard Invoice when Address is on Contact Record

  Hi,  I entered the customer billing and shipping address in Zoho CRM. I created an invoice in Zoho Books with the same customer contact. The contact is correctly in Zoho Books with the billing and shipping address. The invoice for the customer does not

• Apply partial payments to invoices from the Banking Module

  We need this! Why is this not possible?

• Welcome to the Zoho Show Community Forums page!

  Hello everyone, The Zoho Show community is a place for you to discuss and share anything and everything related to Zoho Show Presentations, our online presentation software. It includes users from all over the globe and all walks of life. Our community helps answer your Zoho Show questions with responses from other knowledgeable community members to give you the best experience creating and designing exciting presentations. Along the way, you'll meet recognized experts from our software team and

• How can I convert an existing contact into a lead?

  I imported many contacts into ZOHO CRM. In order to select a few of them as leads, I want to mark or convert a few hundred as Leads. Who can I do that?

• Price book functionality enhancement

  A common use of price books is to create a price book for a given customer level or contract with a specific company. Given that this is done at a company/customer level it would be great to see a way to associate a price book to a given customer and

• Can we have 24x7 live support for Zohobooks ?

  Can we have 24x7 live support for Zohobooks ?

• Important update about notification security in Business Messaging SDK

  As part of our ongoing effort to strengthen the security of notification data, we have enhanced how notifications are processed and protected in our applications. These improvements ensure that all notification related data follows the most up-to-date

• Sync Zoho Marketing Automation with Zoho Forms

  I can't find a section where the integration between Zoho Marketing Automation and Zoho form is explained. And how form subscription works with opt-in and consents.

• What is the difference between Zoho Campaigns and marketing hub?

  Zoho Campaigns is a permission-based email marketing tool for sending marketing emails and mass emails. Marketing Automation is a multichannel marketing automation tool that caters to organizations looking for tools to engage their users across multiple

• Webhook not firing.

  I created a webhook using the Web UI, it looks very nice and the testing worked without an issue, but when i save/ update a ticket, the webhook is not firing. Here are the details of the web-hook i get from using the API "modifiedTime": "2019-10-22T09:23:37.380Z",

• Duplicate customers being created in Desk

  Hi I've trying to work out why I've getting duplicated customers being created in my desk. I have an external booking system that generates an email when I get a customer booking a job. A booking email gets sent to Desk where I manage the booking and

• Next Page