Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Zoho Workdrive for Office, "vsto runtime not found"

  Hi all, I have been trying to get ZohoWorkdrive_MS-addin_1.4.exe installed, but I keep getting the error "VSTO Runtime Not Found!" - even though I have installed it ... Anyone else hear had problems with the MS addin?  FYI, I am using O365 on A Dell laptop running Win 10 Home - fully patched and up-to-date.  I have tried compatibility modes and running explicitly as Administrator - the usual steps. Any advice would be appreciated.

• Can no longer export as pdf

  In NOTEBOOK I am no longer able to export notes to pdfs as I used to be able to. When I hit that command it asks where I want to send it, but no matter what I chose there is no pdf attachment that shows up in order to send. Nothing happens.

• How can I prevent the Zoho Vault extension from automatically logging me out?

  Hi, I want the Zoho Vault Chrome extension to never log out. How can I do this? It only allows me to log out for 1 week, and the same applies to the Android app.

• Zoho CRM App - Links

  Hi  Is there are plan for making Custom Links available in the Zoho CRM Android App? I can't see them being added? Thanks Gene

• Templates

  Trying to sort out / get rid of unwanted invoice templates, the error msgs are not at all helpful. Surely it's easy to amend the error msg by including a list of the names of the customers / vendors that use it, denying deletion or making it inactive

• Finding missing records

  I have a challenge and I am not really sure where to start with it. I can't find any similar threads on here, can anyone help: I have two forms, FormA and FormB. Both forms have records that contain a field called Job_Number. What I am trying to achieve

• Let's Talk Recruit: Meet Zia, your all-in-one AI assistant (Part-2)

  Welcome back to Let’s Talk Recruit series. In Part 1, we introduced Zia and how AI is reshaping the way recruiters work. This time, we’re taking a closer look at how far Zia has come and how each update continues to simplify your everyday tasks. When

• Zoho Developer - Feature Request Platform

  Zoho Developer is one of the most underatted platform in zoho ecosystem, however, it may just be what zoho needs to welcome more people to use Zoho Services. The more developers you have creating zoho creator applications and zoho extensions the more

• Last/Previous month in relative date filter

  In the relative date filter, what is the difference between "Last 2 months" and "Previous 2 months"? So, if we are on 25-July, then is my understanding correct of the following: Last 2 months :=:      25-May~24 July Previous 2 months :=:     01-May~30-June Thanks.

• Tags get removed from notes on mobile

  I don't know why this keeps happening even after all these app updates but if you log out and log back into the app or you reinstall it, all the tags you assigned to your notes get taken off, but if you go on the desktop version the tags are still there.

• Introducing Lead Capture: Empower exhibitors to capture leads effortlessly

  Events provide a great opportunity for exhibitors to generate awareness and engage with potential customers. Efficiently distributing attendee information to exhibitors through a seamless and secure way is of paramount importance. Introducing Lead Capture

• Work Order Creation Issue

  Dear Team, I would like to inquire about the daily limit for Work Order creation in Zoho FSM. Yesterday (02/05/2025) at around 6:30 PM GST, I attempted to create a Work Order, but I have been unable to do so since then. Please find the attached image

• URGENT: ChatGPT Extension Failing With “gpt-3 Access Error” (Priority Support)

  Appreciate support reviewing this urgently. I am a Priority Support member and need immediate clarification on a recurring issue involving the ChatGPT extensions inside Zoho Desk. Both extensions — including the version created and published by Zoho —

• Zoho Desk iOS update: Custom buttons, follow/ unfollow option on tickets

  Hello everyone! In the most recent Zoho Desk iOS app update, we have brought in support to access the custom buttons configured on web app(desk.zoho.com). Using custom buttons you can seamlessly execute predefined actions directly from their mobile devices,

• Zoho pdf suit

  Pl. design products with following feature: 1. Please add all features given in Ilovepdf website to work on pdf files. It is mandatory to use pdf in court work. 2. Courts have prescribed New Times Roman, pl. add this font as well 3. Indexing, signature

• Zoho Not Working

  Today Zoho not wokring

• Dynamically autofill fields with URL parameters

  I have a zoho form embedded in my organization's WP website. Our users find their account with a search tool, and then can select to open this page with the embedded form. The URL of the page holds the parameter that I need, but I cannot figure out how

• Integrate Projects for Desk KB article release tasks

  Could you please look into the possibility of integrating project tasks for Zoho Desk article release processes? We are looking for an internal integration between Zoho Projects and Zoho Desk's KB article drafting, reviewing and releasing tasks. We could

• Issue in Annual Leave

  We created a policy to credit 21 days at the Start of the Year An employee has taken 16 days of leaves thought the year, so we expect to see 5 Leaves remaining right? But Zoho People is Showing 12 Days of Leave Balance Available If we check the Leave

• Use the searchBy parameter to find user by email address

  I'm trying to find a user is Zoho Desk via the Api. In the documentation I see that there is the possibility to add a searchBy parameter in the request. But I can't find how the search values should be formatted. I've tried multiple things and get either

• Zoho CRM Community Digest - September 2025 | Part 2

  Hello Everyone! Mid-September vibes: fresh tips, smart hacks, and practical Zoho CRM updates all in one place. Let’s dive in. Product Updates: The All-New Address Field! The new Address field type makes it easier to capture complete addresses in one structured

• Zoho Vault API: Create new Secrets

  Hello, I attempt to Post Secrets to the vault, since the encrypted entries are almost impossible to decrypt, since there is no documentation on how to decrypt them. Like with the lack of documentation on how to descrypt, there are missing information regarding on how to create new secrets/post secrets. Source: https://www.zoho.com/vault/api/#create-a-new-secret When I try to send JSON Informationen as a POST-Request I only receive the error message: {     "operation": {         "result": {             "error_code": "",

• CRM and Finance Tab - Add Invoice "Subject " Column

  When On a contact in CRM, and you click the Zoho Finace tab, how can I put in the invoice subject line? Or even a custom field for this.  We need to see what that invoice is for, without opening it.   If we have tons of invoices we need a way to quick

• Collections Management: #4 Before, During & After Payment Processing

  "Mark, I think the payment link isn't working. Can you send it again?" Staring at a message, Mark got on his phone. This was the third time the same customer had asked him that week. A few minutes later, another message came, "Hey, the invoice total seems

• Account name not populating when importing contacts

  When importing a csv file to add contacts the account name is blank? Every other filed gets mapped and imported correctly, i.e contact name, phone number. However not the account name which I have mapped to "company" field in my csv file

• Suggestion to improve zoho writer

  I am using your product, I believe it is very useful, however, i was writing a note and I needed to draw an arrow in different angles to explain a point and I couldn't. it would be helpful, to add draw functions to the zoho writer. thanks

• webhook basic authentication

  II want to use a webhook to send out a SMS. Unfortunately Twilio does not use an authToken but basic authentication. I created the webhook as POST and get this url: https://{username}:{password}@api.twilio.com/2010-04-01/Accounts/{account}/Messages?body=<BODY>&to=+155555555&from=+1555555555

• Issue with Hour Calculation in Zoho People Attendance Module

  I have noticed an issue in the attendance regularization feature of Zoho People. When trying to regularize past dates, the total working hours are not calculated correctly. For example, if I enter a check-in and check-out time for a previous day, the

• Push Notification for New Bookings in Zoho Bookings App

  when a someone schedules an appointment through the booking page, is there any option to receive a push notification in the mobile app?

• Automation in Zoho Sprints

  Hi. I have a Sprints board with the following statuses: ToDo, InProgress, CodeReview, Testing, Preprod, Live When a ticket is moved from e.g. Testing to Preprod, the following tags should be modified: remove 'tested OK' remove 'ready for Preprod' add

• Export Purchase orders as Excel

  Is it possible to export purchase orders as excel rather than PDF? Our suppliers don't want orders made in PDF, they need it to be excel

• Draft & Schedule Emails Directly in Bigin

  Greetings, I hope all of you are doing well. We're happy to announce a few recent enhancements we've made to email in Bigin. We'll go over each one in detail, but here's a quick overview: Previously, you couldn't draft or schedule emails in Bigin, but

• TDS Filing

  Is there any option for automatic 26Q and 24Q filing in Zoho books. Even Tally has this option. Why don't Zoho has this ? Is there any customisation available for this ?

• Zia’s AI Assist now helps you write clearer notes — in seconds

  After helping recruiters craft job descriptions, emails, and assessments, Zia’s AI Assist is now stepping in to make note-taking effortless too. Whether you’re recording feedback after an interview or sharing quick updates with your team, you can now

• Shortcut to fill a range of cells

  Good evening: I'm writing because I haven't been able to find a feature that allows you to select a range of cells, type in one of them, and then use a key combination to type in all of them. In Excel, the keyboard shortcut is Ctrl+Enter. I haven't found

• Object required error

  Hi, I am getting an 'Object required' error on the line Call HideColumnsOutsideRange(ws, startOfWeek, endOfWeek) when I run the ShowCurrentWeek macro but not when I run the ShowCurrentMonth macro. Any ideas? Regards, GW Option Explicit Sub HideColumnsOutsideRange(ws

• Zoho CRM - Rename "Estimates" in CRM Finance Suite Integration to "Quotes"

  I'm not sure if it's been 2 or 3 years now since Zoho Books renamed Estimates to Quotes. I still see "Estimates" in the Zoho CRM integration. Could this be added to Translation settings so that some customisation could be made on an account by account

• Its 2022, can our customers log into CRM on their mobiles? Zoho Response: Maybe Later

  I am a long time Zoho CRM user. I have just started using the client portal feature. On the plus side I have found it very fast and very easy (for someone used to the CRM config) to set up a subset of module views that make a potentially extremely useful

• New Series Announcement - Ecommerce Marketing Tips

  Running an online business is more than just having a website. It’s about getting the right customers to discover you, trust you, and keep coming back. To support your growth journey, we’re launching a weekly Marketing Tips series right here on Zoho Commerce

• Marketing Tip #7: Add a blog to your online store

  A blog is more than content. It’s a magnet for new customers. Sharing product guides, styling tips, or industry insights through blog posts builds trust and helps you rank higher on search engines. Try this today: Write one blog post answering a common

• Next Page