Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Zoho learn Custom portal - networkurl & CustomPortalId

  I want to get my individual account’s networkurl and customportalId to use in this API: https://learn.zoho.com/learn/api/v1/portal/<networkurl>/customportal/<customportalId>/manual How can I retrieve the networkurl and customportalId using the API? I

• Connecting zoho creator to zoho writer to send prefilled documents

  i will paste the worflow below // Get user's submitted data from the form userSalary = input.Current_Salary; userCIBIL = input.CIBIL_Score; userEmail = input.Email; userName = input.Name; // You need to get the Document ID from the URL of your Zoho Writer

• Zoho Creator to Zoho Writer for prefilled documents...

  In response to the question about connecting Zoho Creator to Zoho Writer for prefilled documents, I wanted to share a working implementation that demonstrates how to use the record_id parameter with the Zoho Writer Merge API. This allows Writer to automatically

• Introducing our latest privacy enhancement - Hiding email IDs in Zoho Cliq Networks

  Hello everyone, Zoho Cliq Networks offers a powerful collaboration platform that allows businesses to create dedicated digital workspaces for external vendors, partners, or individuals you want to communicate with professionally without adding them to

• zoho performance

  OVERALL CONFIGURATION OF ZOHO PERFORMANCE Quarterly performance review Self rating and scoring Manager rating and scoring

• When will it be possible to edit Subform records via either views or tabular reports?

  Hey there, data maintenance often requires mass update of quite a lot of records. While this is a piece of cake via either List view or Zoho sheet view, the same cannot be carried out for subform records yet. When one of the two options will be made available?

• Onboarding

  Hello Team, Im yuktha working as HR at Ossisto Technologies. We are currently utilizing zoho for onboarding candidate. right now facing issue with onboarding Attaching the screenshots for your reference

• How do I change a form's name? Why isn't this more intuitive?

  Can someone please let me know how to change a form's name?

• Control Over Zia Generative AI Reply Assistance Behavior

  Hello, I would like to request an enhancement to the Zia Generative AI feature, specifically concerning the Reply Assistance within Zoho Desk. Current Issue: When replying to a ticket, the Ticket Properties section is automatically replaced by the Zia

• Zia now integrated with Open AI in Zoho Desk

  The powerful integration of Zia with OpenAI, has empowered Zoho Desk reach a new level of efficiency and performance. With contextual self-service capabilities, Zia enables agents to boost their productivity and delivers superior customer experiences.

• Zoho Desk Partners with Microsoft's M365 Copilot for seamless customer service experiences

  Hello Zoho Desk users, We are happy to announce that Zoho Desk has partnered with Microsoft's M365 to empower customer service teams with enhanced capabilities and seamless experiences for agents. Microsoft announced their partnership during their keynote

• Employee self-service portal: Onboarding and continuous learning platform for support reps

  Hello everyone, In any organization, employees must go through multiple courses to learn about the product, their organization's standards, and how to respond to customer queries using the knowledge base articles available. This typically requires completing

• 2024 Email Authentication Standards: Elevating Security with Google and Yahoo

  In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email

• Contact custom field in layout

  Good day, all, I have an "Extension" custom field in contacts, and would like to display the contact extension in the ticket layout, but I don't seem to be able to. What am I missing? Thanks Rudy

• Exact match in name when searching workdrive

  Hello, I am wondering how to search workdrive files/folders with an exact match in the name. For example, when I search across folder with the url param search[name]=someName, I get multiple results such as "someName", "someNameAndMore", or "someName

• account in a diferent bas currency

  Is it possible to have an account in currency diferente from base currency?, lets say, the bas currency in japase yen but asset  accut called cash dollars in dollars?

• Meeting impossible to use when sharing screen

  he Meeting tool in Brazil is practically unusable when sharing anything, whether it’s a presentation or simple navigation. When accessed via Cliq, the situation gets even worse: even basic calls fail to work properly, constantly freezing. And as you are

• Changing the Default Search Criteria for Finding Duplicates

  Hey everyone, is it possible to adjust the default search criteria for finding and merging duplicate records? Right now, CRM uses some (in my opinion nonsensical) fields as search criteria for duplicate records which do nothing except dilute the results.

• Is there a way to create a desktop shortcut for a website course portal?

  Hello everyone, I recently got a laptop and bought an online course from a website, Skillwint.com, which I visit regularly. I open that site many times a day and want to create a desktop shortcut so I can open it directly instead of searching in the browser

• SalesIQ Tip for Admins: Your Safety Net for Data Recovery

  Ever clicked 'Delete' in your SalesIQ and then realized it was the wrong item? Maybe it was a prospect's chat that held important context you needed to refer to later on. Or, maybe you deleted an elaborate Zobot that you were still testing or planning

• Depreciated mergeAndStore Function Help!

  Hello, I have a function designed to create a PDF containing information from the fields in a Deals record. There is a Writer Mail Merge template in WorkDrive that is populated via Deluge code, and a copy of the resulting PDF is then attached to the record.

• Can I execute two 'functions' when completing a mail merge from CRM?

  Hi, I have set up a mail merge from CRM Deals to a template. I want a copy of this to be saved in Workdrive, and then a copy also saved back into the deal record from which the merge occurred. I can do both independent of each other, and managed to get

• External Share > Edit: Cannot Create Zoho Files

  Hi Zoho, When we create an external share link with Edit permission, our external users are unable to create a Zoho file (Zoho Writer, Zoho Sheet and Zoho Show). They can only upload files. They can edit the Zoho files if we create them internally and

• Zoho Mail iOS app update - RTL languages support and access emails using permalink and universal link, image upload resolution

  Hello everyone! In the most recent version of the Zoho Mail iOS app update, we have brought in support for RTL languages(Arabic and Urudu), providing a seamless reading experience with proper text alignment and layout throughout the app. We have also

• Why are emails sending with @viazohocrm.com ?

  I just sent out mass emails from CRM. They are sending from the email below and people cannot reply, and they are getting this message: Address not found Your message wasn't delivered to sales.XXXXXXXX.com.au@viazohocrm.com because the address couldn't

• Duplicating and referencing datasets

  I am moving from PowerBI to Zoho Analytics and while I find Zoho easier to use in many ways, there is one function that I use in PowerBI that I have not been able to find in Zoho.   I have several data sets that I need to modify in different ways to get

• Zoho Inventory Now Supports VeriFactu for Businesses in Spain

  Starting from January 1, 2026, Spain requires real-time invoice reporting for all B2B transactions. From July 2026, this requirement will extend to B2C transactions as well. All reporting must be carried out through the VeriFactu to AEAT (Agencia Estatal

• Enhancements to Zoho Map integration tasks

  Hello everyone, We're excited to announce enhancements to the Zoho Map integration tasks in Deluge, which will boost its performance. This post will walk you through the upcoming changes, explain why we're making them, and detail the steps you need to

• Let’s Talk Recruit: Meet Zia, your all-in-one AI assistant (Part-3)

  Welcome back to the Let’s Talk Recruit series. In the part 2 post, we explored how Zia has evolved with smarter summaries and seamless AI-assisted content creation. This time, we’re diving into the latest upgrades that take productivity even further —

• Announcing Early Access to "Zoho CRM for Everyone" — A new and exciting update to Zoho CRM

  Update : Zoho CRM For Everyone's Nextgen Interface gets an upgrade! Hello everyone, We’ve updated the Zoho CRM for Everyone Nextgen interface based on your feedback. The UI is now simpler with a unified sidebar, a more visible global search and features

• Unable to verify domain for Zoho People

  I have added TXT records in my DNS (GoDaddy) [screenshot attached], but unable to verify even after 12 hours after adding. On checking the console, it shows some errors [screenshot attached]. It appears that the verification flow is broken - please provide

• Zoho Invoice Now Supports VeriFactu for Businesses in Spain

  Starting from January 1, 2026, Spain requires real-time invoice reporting for all B2B transactions. From July 2026, this requirement will extend to B2C transactions as well. All reporting must be carried out through the VeriFactu to AEAT (Agencia Estatal

• Zoho Billing Now Supports VeriFactu for Businesses in Spain

  Starting from January 1, 2026, Spain requires real-time invoice reporting for all B2B transactions. From July 2026, this requirement will extend to B2C transactions as well. All reporting must be carried out through the VeriFactu to AEAT (Agencia Estatal

• Weekly Tips : Make your email content error free with Spell check in Zoho Mail

  As someone who writes multiple emails a day, we are bound to make both grammatical and spelling errors. Most of them we may not even notice, and even if we do, we may not have the time to correct each one individually when we are in a hurry. So how do

• Introducing Enhanced Storage Management

  We’re excited to roll out two new enhancements in Zoho Recruit, Subscription Information and Storage Management — designed to give admins complete visibility into subscription details, feature limits, and storage consumption — all from one place inside

• how to download all my files

  We are in the middle of zoho docs to zoho workdrive migration. I can not access my zoho docs page. I get redirected immediately to a zoho workdrive page. I would like to download all my files so that I have a backup in case something goes wrong with the

• Convert Zoho Books SalesOrder - Invoice

  Converting a Zoho Books Sales Order into an Invoice Using the SalesOrder Convert API Hello Zoho Developers, Today, we are sharing a simple and effective solution to convert a Zoho Books Sales Order into a Zoho Books Invoice using the SalesOrder Convert

• Zoho Expense - Report Templates

  Hi Expense Team, I do a recurring trip once every week which has the same cost: Per diem Milage Toll Payment It would be great if there was a feature which allowed me to clone a previously submitted report or create a template reports. This would save

• Tip #51- Centralized Contact Management for Better Remote Support- 'Insider Insights'

  For our final topic of November, we’re diving into one of the most helpful features in Zoho Assist, the Contacts section on Zoho Assist;s dashboard. Whether you’re managing multiple clients, tracking past sessions, or simply looking to streamline your

• Say Hello to Telephony in Zoho FSM

  Zoho FSM now brings complete telephony support so your team can manage inbound and outbound calls without switching tabs. Faster responses, smarter routing, and total call visibility—all in one place. Choose the telephony setup that works for you Zoho’s

• Next Page