Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

I've discovered a bug in how Zoho's API Console handles the OAuth 2.0 authorization flow when the state parameter contains pipe characters (|), and I'm hoping the Zoho team can address this in a future update.
The Issue
Zoho's OAuth 2.0 implementation for server-based client applications uses the standard authorization endpoint:
https://accounts.zoho.com/oauth/v2/auth?response_type=code
&client_id=<client_id>
&scope=<scope>
&redirect_uri=<redirect_uri>
&access_type=offline
&state=<state_value>
While Zoho's documentation does not explicitly list the state parameter, it is a standard part of the OAuth 2.0 specification (RFC 6749 Section 4.1.1) and is widely used for CSRF protection and maintaining application state through the authorization flow.
However, when the state parameter contains pipe characters (|), Zoho's authorization server fails to process the request correctly, preventing users from authorizing the connection. This occurs whether the pipe characters are URL-encoded (%7C) or left unencoded.
The Problem
The pipe character is a standard delimiter in multi-part state values, particularly when passing a combination of a CSRF token and a return URL. This behavior—failing on both encoded and unencoded pipe characters—is often indicative of overly restrictive input validation or a "leaky" WAF/Proxy layer that decodes parameters before the application logic can handle them.
Test results (state value, as sent in URL, result):
  • abc123xyz
    Sent as: state=abc123xyz
    Result: ✓ Works correctly
  • session_12345
    Sent as: state=session_12345
    Result: ✓ Works correctly
  • user|action|timestamp (unencoded pipes)
    Sent as: state=user|action|timestamp
    Result: ✗ Authorization fails
  • user|action|timestamp (URL-encoded pipes)
    Sent as: state=user%7Caction%7Ctimestamp
    Result: ✗ Authorization fails
  • user:action:timestamp
    Sent as: state=user%3Aaction%3Atimestamp
    Result: ? Not tested
Note: Pipe characters cause failures whether URL-encoded or not. Other special characters/delimiters have not been tested and may or may not exhibit similar issues.
RFC 6749 Compliance Issue
Section 4.1.1 - Authorization Request:
"state: RECOMMENDED. An opaque value used by the client to maintain state between the request and callback."
Section 4.1.2 - Authorization Response:
"state: REQUIRED if the 'state' parameter was present in the client authorization request. The exact value received from the client."
The RFC explicitly defines the state parameter as an opaque value. This means:
  • The Authorization Server should not be looking "inside" or parsing the string at all
  • The state value must pass through the authorization process unchanged
  • Any URL-encoded characters should be handled transparently
  • The exact value received must be returned to the client in the redirect
Key Point: By definition, an "opaque" parameter means the authorization server must treat it as a data blob—accepting it, storing it, and returning it without any interpretation or transformation.
Current Behavior vs Expected Behavior
Current Behavior:
  1. Client sends: state=user|action|123 (or state=user%7Caction%7C123)
  2. Zoho fails to parse the state parameter
  3. Authorization server returns HTTP 400 Bad Request
  4. User cannot authorize the connection
Expected Behavior (Per RFC 6749):
  1. Client sends: state=user|action|123
  2. Zoho treats state as an opaque data blob
  3. User authorizes the connection
  4. Redirect includes the exact value received: state=user|action|123 (or consistently encoded as sent)
The Current Workaround (Suboptimal)
Important: The workarounds below only apply if you have control over the client application generating the OAuth request. If you're integrating with a third-party application that sets the state parameter (e.g., integration platforms, SaaS tools, enterprise software), you have no ability to modify the state value and therefore no workaround is available. You are completely blocked from completing the OAuth flow.
For developers who do control the client application, you must avoid pipe characters entirely:
// Instead of using pipes as delimiters:
let state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or: base64url-encode a JSON object (the result contains only [A-Za-z0-9-_]; Node.js shown)
state = Buffer.from(JSON.stringify({ csrf: csrf_token, user: user_id, path: redirect_path })).toString("base64url");
// or: send only the CSRF token and store the other data server-side, keyed by that token
state = csrf_token;
Problems with these workarounds:
  • Requires refactoring existing codebases that use pipe delimiters
  • Base64 encoding increases state parameter length significantly, risking URL length limits (particularly in older browsers and some enterprise proxies which enforce ~2000 character limits)
  • Server-side storage approach adds complexity, database overhead, and potential race conditions
  • Inconsistent with how the same code works with other OAuth providers (Google, Microsoft, etc.)
  • Developers may not discover this issue until production deployment
  • Custom delimiters (like _SEP_) are non-standard and may conflict with actual data values
What Should Happen Instead
Proposed Solution:
Zoho's authorization server should properly handle URL-encoded pipe characters (%7C) in the state parameter, as required by RFC 6749. The state value must be treated as an opaque data blob.
Technical Requirement: Treat state as a Data Blob
1. Input: Accept %7C (and other encoded characters) as valid parts of the query string without triggering validation errors or WAF rules
2. Persistence: Store the string exactly as received during the user's login/consent session; do not decode, parse, or transform it
3. Output: Append the exact string back to the redirect_uri without additional transformations that might strip or corrupt the delimiters
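The three requirements above, as an added example in Node.js (not Zoho's code, and not a description of how Zoho's server is built): the raw, still-percent-encoded state is extracted from the query string without decoding, stored next to the pending authorization, and concatenated back onto redirect_uri after consent. It serves both this section and the opaque-value points listed under RFC 6749 Compliance Issue. The session map, the simulated consent step and the function names are this example's own assumptions.

```javascript
// Added example, not Zoho's code: carrying the OAuth state parameter as an
// opaque blob on the authorization-server side, so the redirect returns
// "the exact value received" (RFC 6749 Section 4.1.2).

// Return the raw (still percent-encoded) value of one query parameter. Only
// the parameter name is decoded for matching; the value is never decoded.
function extractRawParam(queryString, name) {
  const query = queryString.startsWith("?") ? queryString.slice(1) : queryString;
  for (const pair of query.split("&")) {
    const eq = pair.indexOf("=");
    const key = eq === -1 ? pair : pair.slice(0, eq);
    if (decodeURIComponent(key) === name) {
      return eq === -1 ? "" : pair.slice(eq + 1);
    }
  }
  return null;
}

// Simulated per-session storage (example's own): the raw state is persisted
// beside the pending authorization and is never parsed by the server.
const pendingAuthorizations = new Map();

// Step 1 + 2: accept the request and store state exactly as received.
function beginAuthorization(sessionId, queryString) {
  const rawState = extractRawParam(queryString, "state");
  const redirectUri = decodeURIComponent(extractRawParam(queryString, "redirect_uri") ?? "");
  pendingAuthorizations.set(sessionId, { redirectUri, rawState });
  return rawState;
}

// Step 3: after consent, append code and the untouched state to redirect_uri
// by string concatenation, so no re-encoding pass can alter the delimiters.
function completeAuthorization(sessionId, code) {
  const pending = pendingAuthorizations.get(sessionId);
  if (!pending) throw new Error("unknown session");
  const sep = pending.redirectUri.includes("?") ? "&" : "?";
  let location = `${pending.redirectUri}${sep}code=${encodeURIComponent(code)}`;
  if (pending.rawState !== null) location += `&state=${pending.rawState}`;
  return location;
}

// Client side: a standard URL parser recovers the same logical value whether
// the pipes travelled as %7C or as literal | characters.
function clientReadState(location) {
  return new URL(location).searchParams.get("state");
}
```

The point of keeping the value as a raw string end to end is that the server never has to decide how to re-encode a character it does not understand; a decode-then-re-encode path is where delimiters get stripped or double-encoded, and a front-end WAF that rejects %7C before this code runs would have to be exempted for the state parameter.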
This approach:
  • Complies with RFC 6749's requirement to return "the exact value received"
  • Follows the same behavior as other major OAuth providers
  • Requires no changes from client applications
  • Unblocks third-party integrations that cannot modify their state format
Real-World Impact
This limitation affects any integration where:
  • Third-party applications set the state parameter and cannot be modified (integration platforms, SaaS connectors, enterprise software)
  • Multi-tenant applications need to encode tenant ID and return URL in state
  • CSRF protection implementations combine security tokens with application state
  • Single Sign-On flows need to preserve original request context
  • Migration projects from other OAuth providers that used pipe delimiters

Critical Blocker: When the state parameter originates from a third-party system outside your control, there is no workaround available. The integration is completely impossible until this is fixed.

Security Note: The state parameter is critical for CSRF protection in OAuth flows. Forcing developers to change their state encoding approach may inadvertently introduce security vulnerabilities if not handled carefully.

Request to Zoho Team

Can this be addressed in a future update?

This is a standards compliance issue that impacts developers integrating with Zoho's API. For those who control their client application, the current implementation forces unnecessary workarounds. For those integrating third-party applications, the situation is worse:

1. Custom development: refactor code to avoid pipe characters, creating Zoho-specific OAuth handling
2. Third-party integrations: no workaround possible; integration is completely blocked

Users should not be blocked from integrating with Zoho due to non-standard OAuth implementation.

Community Input Requested: Has anyone else encountered this issue? Are there other special characters that cause similar problems with Zoho's OAuth implementation?
