I've discovered a bug in how Zoho's API Console handles the OAuth 2.0 authorization flow when the state parameter contains pipe characters (|), and I'm hoping the Zoho team can address this in a future update.
The Issue
Zoho's OAuth 2.0 implementation for server-based client applications uses the standard authorization endpoint:
https://accounts.zoho.com/oauth/v2/auth?response_type=code
&client_id=<client_id>
&scope=<scope>
&redirect_uri=<redirect_uri>
&access_type=offline
&state=<state_value>
While Zoho's documentation does not explicitly list the state parameter, it is a standard part of the OAuth 2.0 specification (RFC 6749 Section 4.1.1) and is widely used for CSRF protection and for maintaining application state through the authorization flow.
However, when the state parameter contains pipe characters (|), Zoho's authorization server fails to process the request correctly, preventing users from authorizing the connection. This occurs whether the pipe characters are URL-encoded (%7C) or left unencoded.
The Problem
The pipe character is a standard delimiter in multi-part state values, particularly when passing a combination of a CSRF token and a return URL. This behavior—failing on both encoded and unencoded pipe characters—is often indicative of overly restrictive input validation or a "leaky" WAF/Proxy layer that decodes parameters before the application logic can handle them.
Test results (state value, as sent in the URL, result):
- abc123xyz, sent as state=abc123xyz: ✓ Works correctly
- session_12345, sent as state=session_12345: ✓ Works correctly
- user|action|timestamp, sent as state=user|action|timestamp (unencoded pipes): ✗ Authorization fails
- user|action|timestamp, sent as state=user%7Caction%7Ctimestamp (URL-encoded pipes): ✗ Authorization fails
- user:action:timestamp, sent as state=user%3Aaction%3Atimestamp: ? Not tested
Note: Pipe characters cause failures whether URL-encoded or not. Other special characters/delimiters have not been tested and may or may not exhibit similar issues.
RFC 6749 Compliance Issue
Section 4.1.1 - Authorization Request:
"state: RECOMMENDED. An opaque value used by the client to maintain state between the request and callback."
Section 4.1.2 - Authorization Response:
"state: REQUIRED if the 'state' parameter was present in the client authorization request. The exact value received from the client."
The RFC explicitly defines the state parameter as an opaque value. This means:
- The Authorization Server should not be looking "inside" or parsing the string at all
- The state value must pass through the authorization process unchanged
- Any URL-encoded characters should be handled transparently
- The exact value received must be returned to the client in the redirect
Key Point: By definition, an "opaque" parameter means the authorization server must treat it as a data blob—accepting it, storing it, and returning it without any interpretation or transformation.
Current Behavior vs Expected Behavior
Current behavior:
1. Client sends: state=user|action|123 (or state=user%7Caction%7C123)
2. Zoho fails to parse the state parameter
3. Authorization server returns HTTP 400 Bad Request
4. User cannot authorize the connection
Expected behavior (per RFC 6749):
1. Client sends: state=user|action|123
2. Zoho treats state as an opaque data blob
3. User authorizes the connection
4. Redirect includes the exact value received: state=user|action|123 (or consistently encoded as sent)
The Current Workaround (Suboptimal)
Important: The workarounds below only apply if you have control over the client application generating the OAuth request. If you're integrating with a third-party application that sets the state parameter (e.g., integration platforms, SaaS tools, enterprise software), you have no ability to modify the state value and therefore no workaround is available. You are completely blocked from completing the OAuth flow.
For developers who do control the client application, you must avoid pipe characters entirely:
// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow
// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or: pack the parts as base64url-encoded JSON (Node.js shown; no "|" can appear in the output)
state = Buffer.from(JSON.stringify({ csrf: csrf_token, user: user_id, path: redirect_path })).toString("base64url");
// or: send only the CSRF token and keep the other data server-side, keyed by that token
state = csrf_token;
Problems with these workarounds:
- Requires refactoring existing codebases that use pipe delimiters
- Base64 encoding increases state parameter length significantly, risking URL length limits (particularly in older browsers and some enterprise proxies which enforce ~2000 character limits)
- Server-side storage approach adds complexity, database overhead, and potential race conditions
- Inconsistent with how the same code works with other OAuth providers (Google, Microsoft, etc.)
- Developers may not discover this issue until production deployment
- Custom delimiters (like _SEP_) are non-standard and may conflict with actual data values
What Should Happen Instead
Proposed Solution:
Zoho's authorization server should properly handle URL-encoded pipe characters (%7C) in the state parameter, as required by RFC 6749. The state value must be treated as an opaque data blob.
Technical Requirement: Treat state as a Data Blob
1. Input: Accept %7C (and other encoded characters) as valid parts of the query string without triggering validation errors or WAF rules
2. Persistence: Store the string exactly as received during the user's login/consent session; do not decode, parse, or transform it
3. Output: Append the exact string back to the redirect_uri without additional transformations that might strip or corrupt the delimiters
This approach:
- Complies with RFC 6749's requirement to return "the exact value received"
- Follows the same behavior as other major OAuth providers
- Requires no changes from client applications
- Unblocks third-party integrations that cannot modify their state format
Real-World Impact
This limitation affects any integration where:
- Third-party applications set the state parameter and cannot be modified (integration platforms, SaaS connectors, enterprise software)
- Multi-tenant applications need to encode tenant ID and return URL in state
- CSRF protection implementations combine security tokens with application state
- Single Sign-On flows need to preserve original request context
- Migration projects from other OAuth providers that used pipe delimiters
Critical Blocker: When the state parameter originates from a third-party system outside your control, there is no workaround available. The integration is completely impossible until this is fixed.
Security Note: The state parameter is critical for CSRF protection in OAuth flows. Forcing developers to change their state encoding approach may inadvertently introduce security vulnerabilities if not handled carefully.
Request to Zoho Team
Can this be addressed in a future update?
This is a standards compliance issue that impacts developers integrating with Zoho's API. For those who control their client application, the current implementation forces unnecessary workarounds. For those integrating third-party applications, the situation is worse:
1. Custom development: refactor code to avoid pipe characters, creating Zoho-specific OAuth handling
2. Third-party integrations: no workaround possible; the integration is completely blocked
Users should not be blocked from integrating with Zoho due to non-standard OAuth implementation.
Community Input Requested: Has anyone else encountered this issue? Are there other special characters that cause similar problems with Zoho's OAuth implementation?
📚 Documentation References: