Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Creating a custom CSV file using deluge script/

  I have an application I have developed and the client wants us to place an export file in csv onto an ftp server daily. Now I don't see au options in creator to change the separator to anything else. The client wants the separator to be the pipe symbol "|"  I think i would be able to create schedule with some code to create the appropriate data in a string using deluge script but I haven't seen any functionality that would allow me to deposit that data as a file anywhere or attach it to an email

• Can we add custom fields to portal community profiles?

  How do we add custom fields to our profile pages in our portal community? If we have the ability to add custom fields, will we be able to access those fields via API? We want to use our Desk community in our help portal as our primary community and would

• E-Invoicing in Belgium with Zoho Billing

  Starting January 1, 2026, Belgium is introducing mandatory electronic invoices (e-invoicing) for all B2B transactions between VAT-registered businesses. Invoices and credits notes must be exchanged in a prescribed digital format. How E-Invoicing works

• delayed: host mx2.zoho.com (136.143.183.44): Network error: Unexpectedly disconnected (STARTTLS)

  Hi Team, I'm not receiving any email. Seems to be an issue. Sender sent me the error message they received: "delayed: host mx2.zoho.com (136.143.183.44): Network error: Unexpectedly disconnected (STARTTLS)" Please advise.

• Additional Address - Company Name

  It would be very helpful to have a "Company Name" field in the Additional Address shipping section.  In a situation where you drop-ship orders to a different address or different company entirely, it may be necessary to list the company name of the receiver. I understand that the Attention field can be used for that purpose, but that's not really the intended purpose of that field.

• Incorrect Email Notifications for Product Reviews

  Dear Zoho Commerce Support Team, I am writing to report a technical issue that occurs frequently on our platform. Problem Description: We regularly receive email notifications informing us of new product reviews awaiting approval. However, when we access

• How to Rank Tables by Row Count in Descending Order

  I am trying to understand the consume of lines that grow up so fast in the last week. Is there any way to create a pivot table or query to get TABLE NAME LINES in descending order?

• Can we do Image swatches for color variants?

  We want to do something like the attached screenshot on our new zoho store. We need image swatches instead of normal text selection. We want to user to select an image as color option. Is this doable? I don't see any option on zoho backend. Please h

• Export your notes from Notebook!

  Dear users, The long awaited feature is now live. Yes, you can now export your notes from Notebook app in bulk. But the feature has just started with web app alone for now. You can try the export feature as mentioned below: Go to our web app, https://notebook.zoho.com Go to 'Settings' > 'Export' Now, select the format: You can select either ZNote or HTML Once done, you can use the same to import or can have this a local backup of your notes. Note: Export for other platforms are in development and

• Prepopulating Fields

  Hello, I have a form (Assets) with 2 lookup fields: Client (from Clients) Site (from Client Sites) I modified the code (highlighted in red below), so the Site dropdown shows the list of sites related to the Client. must have Client_Site ( type = picklist

• REPORT THAT SHOWS SOH FOR ITEMS THAT HAVE ZERO SALES

  When we started Zoho we imported a lot of inventory lines directly off our suppliers price list and have never ordered / sold. I want to clean up our data base and remove all these lines. What reeport will show me what lines have zero sales as well as

• Automation series : Close all tasks once the project is completed

  When a project is marked as Completed, it might still have open tasks such as recurring tasks that were not marked as complete, tasks that are no longer relevant, or tasks that no longer need attention after closure. To ensure the project reflects its

• Converting Sales Order to Purchase Order

  Hi All, Firstly, this code works to convert a sales order(SO) to a purchase order (PO) via a button, however I am running into an issue when I convert the SO where the values from the line items are not pulled across from the SO to the PO. The ones in

• Horrible Connectivity!

  I have used Meetings several times, but most of the time the connection is horrible. The video freezes, the audio freezes, and we end up cancelling the meeting. I am on a high speed internet connection, and Zoom works fine, so I know it's not a problem

• Is it really true that I can't set the default 'deposit to' account in 2025?

  I've been using Books for 7 years and the default account has never been a problem. I usually manually reconcile invoices and have never had a thought about which account. It has always been my account. However, I recently noticed that for the past 4

• Zoho DataPrep switching Date Format

  When using a pipeline that is importing Zoho Analytics data into Zoho DataPrep, the month and day of date fields are switched for some columns. For example, a Zoho Analytics record of "Nov. 8, 2025" will appear in Zoho DataPrep as "2025/08/11" in "yyyy/MM/dd"

• Using Another Field Value for Workflow Field Update

  I'm trying to setup a Workflow with a "Field Update" action on the Lead module, but I would like the new value to actually be taken from a DIFFERENT Field's on the Lead record (vs just defining some static value..) Is this possible? Could I simply use

• Tax information

  Hello, I need help/guidance on how to add my organization's Tax/VAT information. Thank you Pavly

• Build smarter Guided Conversations with Fork Blocks

  When your customers arrive on your support channel, they're not there to explore. They are usually confused and stuck while trying to fix something important. We understand how stressful that moment can feel and we want your bot to make things easier,

• Custom item field won't allow decimal.

  Hello, I have a custom item field that needs to be able to have a value with a decimal place such as 6.7 or 6.18. I have tried custom formatting the input format but can not get the correct syntax to allow this. Is this possible in Zoho?

• Free webinar: Zoho Sign unwrapped – 2025 in review

  Hey there! 2025 is coming to an end, and this year has been all about AI. Join our exclusive year-end webinar, where we'll walk you through the features that went live in 2025, provide answers to your questions, and give you a sneak peek on what to expect

• HubSpot CRM to Zoho Creator Integration

  I'm trying to create an integration between HubSpot CRM and Zoho Creator with HubSpot being the push source (if a contact is created or updated in HubSpot, it pushes the information to Zoho Creator). I have two questions: 1- Is it best to use Zoho Flow

• Gain control over record sharing with portal users through our new enhancement: criteria-based data exposure

  Dear Customers, We hope you're well! Portals is a self-service avenue through which your clients can access and manage their direct and related data in Zoho CRM. This empowers them to be more independent and enables them to experience a sense of transparency

• Best-practice setup in Zoho One for managing combined candidate pools and exporting anonymised CVs

  We are new users of the Zoho One bundle and operate a consulting and engineering company. Our workforce model includes a mix of permanent employees, active job applicants, and freelance/independent consultants. All three groups need to be searchable,

• Meet Canvas' Grid component: Your easiest way to build responsive record templates

  Visual design can be exciting—until you're knee-deep in the details. Whether it's aligning text boxes to prevent overlaps, fixing negative space, or simply making sure the right data stands out, just ironing out inconsistencies takes a lot of moving parts.

• hard-bounced email list

  Hi, Below pops up when I try to send an Email to some of my customer. Please guide me how to take it out from hard-bounced list? I am not sure how they were marked in hard-bounced list

• Register the 'Contact Role' addition and change as a Potential edition so it can trigger Workflows

  We are trying to use "Contact Roles" in Potentials. Contact Roles are special and different than the other Related lists, so, it may have a special behavior. Something to keep in mind is that you will never have 100 Contact Roles as you can have 100 Tasks, Calls, or any other Related list. In our case we will have 2 in average and up to 4 or 5 maximum. The problem is that we need to bring information from 3 key Contact Roles to the Potential and adding a Contact to the Contacts Roles area never trigger

• Can I change the format of the buttons in the email templates?

  Hi all! We have been working hard trying to brand our email templates, and have some way to go yet. One of the things we can't seem to edit is the green ${Cases.CUSTOMER_PORTAL_BUTTON} button and the font of the View Ticket text. Is there any way of doing

• Best practice to structure reporting to include events covering multiple months / quarters.

  Hi, I'm new to Zoho, have some experience of more "enterprise" tools, looking for some input from the community. I'm looking to create a report that includes events that cover a long period, each event has a start / end date and I'm struggling undertanding

• Marketing Tip #11: Turn features into benefits that sell

  We all love talking about our products, but here’s a secret: customers don’t just buy features, they buy benefits. Instead of just saying "Made from 100% organic cotton," try "Soft, breathable comfort that lasts all day." Benefits tell shoppers how your

• Synchronise item image between Zoho Commerce and Zoho Books/Inventory/CRM

  Here is a blindingly simple idea to tie several Zoho products together. Zoho - please include a method to synchronise the item image (or images) from one Zoho application to another. For example, if you upload an item image in Zoho Inventory, a user should

• How do I migrate from zoho mail to Office 365?

  The manual migration of Zoho Mail to Microsoft 365 typically requires using IMAP to move emails and configuring Microsoft Outlook to sync Zoho Mail. This approach can be error-prone, especially if there are multiple accounts or large email archives. Moreover,

• New Update: Convert External Users in Bulk in Zoho Directory

  Greetings to all Zoho Directory users out there! We’re excited to introduce a new update that makes user management in Zoho Directory even more efficient; you can now convert external users in bulk! Earlier, admins could convert only one external user

• New Update: Convert External Users in Bulk in Zoho One

  Greetings to all Zoho One users out there! We’re excited to introduce a new update that makes user management in Zoho One even more efficient; you can now convert external users in bulk! Earlier, admins could convert only one external user at a time.

• How to edit form layout for extension

  I am working on extension development. I have created all the fields. I want to rearrange the layout in Sigma platform. But there is no layout module in Sigma. How can I achieve this for extensions other than Zet CLI and putting the fields into widget

• Website not properly connecting with Zoho Creator app portal (embed & data sync issue)

  Hello Zoho Community, I’m currently facing an issue while trying to connect my external website with a Zoho Creator app portal. I have a tool-based website ( https://mygardencalculator.com/ ) where users interact with calculators and dynamic content.

• 日本語フォントの選択肢拡充についての要望

  日本語フォントの選択肢がとても少ないと感じたことはありませんか？ 多くのアプリ（たとえば Invoice）ではフォントが1種類しかなく、正直あまり使いやすい・見た目が良いとも言えません。 そろそろ、もっと多くの日本語フォントを追加してほしい、そしてすべてのアプリで同じフォント選択肢を使えるようにしてほしいと、私たちユーザーが声を上げる時期だと思います。 ご存じのとおり、現状ではアプリごとにフォント周りの仕様にほとんど一貫性がありません。 みなさん、一緒に要望を出していきましょう！

• Does anyone know how to setup Zoho Desk or Zoho CRM as a custom outgoing/incoming Call Centre?

  I need to setup a call center so I can setup agents to make phone calls across Canada to market our services.  I am trying to figure out the most reliable and cost efficient way to do this? I am currently paying for two phone services and neither seem

• Display actual mileage on an invoice

  My users are creating expenses in Zoho expense. For example, they expense 10 miles and get paid 7 dollars (10 miles * IRS rate of .70). If I look at the expenses in Zoho Books, it does show them at 10 miles at .70 cent When I add these expense to an invoice

• Prevent Unapproved Quotes from Exporting to Zoho CRM Finance Module

  Is it possible to prevent unapproved quotes in Zoho Books from being exported from Zoho Finance module inside Zoho CRM?

• Next Page