Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Allow Regular Users to Directly Transfer Ownership of Files & Folders

  Hi Zoho WorkDrive Team, Hope you are doing well. We would like to request an important enhancement related to file and folder ownership management in Zoho WorkDrive. At the moment, a regular user cannot directly transfer ownership of their files or folders

• Triggering rules on lead conversion

  There is no field on the Rule list for rule conversion to trigger an alert on liead conversion to a potential. I assigned a rule to file on any creation or update of a lead. The lead was changed a lead to a potential but no rule was fired. Rajesh Bhadra

• Customised Funnel

  We are running the standard plan for our ZOHO CRM. I have been asked if there is a way to combine data from the Calls module, Deals module and Contact Module into 1 funnel, similar to the view you can get when viewing Deals By Stages, you can see the

• Trigger Zapier on Deluge Insert Into Function?

  Hello, To get around the limitation of not being able to trigger a Zapier Zap on Record Update(this would be extremely useful to be able to do btw), I have created a Deluge script to copy the data from Form A to a Trigger Form B using the Insert Into expression from a Custom Action button on a Report from Form A.  This action does not trigger the Zapier Zap whereas manually adding a record or duplicating an existing record does trigger the Zap. Is Insert Into not the same as a manual Add in the context

• Can you inject JS in an HML+CSS+Deluge Page?

  I have an HTML + CSS + Deluge page and need just a little vanilla JS functionality. However, it seems like Zoho Creator does not allow that. I'm required to create a JS widget. Is this correct? If so: 1. Won't this quickly consume my API limit if there

• Zoho unified inbox

  The new changes have definitely improved things for switching between accounts.  But zoho still desperately needs a unified inbox.  It sucks to have to enter filters and folders for each and every inbox.  This seems like such a simple thing, i wonder why Zoho hasn't done it?

• Best Practice for Penny Rounding & FX Adjustments in Zoho Books

  Hi everyone, I’m just looking for some clarity on the correct way to handle very small rounding differences in Zoho Books when dealing with foreign-currency payments. What I’m currently doing: • I enter the supplier bill exactly as shown. • When paying

• Is there a problem with sharing workdrive files with links since last night?

  As per title, we can't access folders/files through share links since last night. I created ticket but we need quick solution and didn't hear back from the support yet. The files are still accessible by the main account but all zoho files that we are

• Enable Screen Recording in Zoho WorkDrive Mobile Apps (Android & iOS)

  Hi Zoho WorkDrive Team, How are you? We are enthusiastic Zoho One users and rely heavily on Zoho WorkDrive for internal collaboration and content sharing. The screen-recording feature in the WorkDrive web app (similar to Loom) is extremely useful- however,

• Production Management Tool (MRP / BOM)

  Hi Guys, is there any recommended App available that works with zoho and covers the needed applications for a production? What we need is a system that covers the BOM (bill of materials), MRP (material ressources planning), MRP II (manufacturing ressources

• Bug in Zoho Cliq Signup Flow – "%s" Placeholder Visible Instead of Product Name

  Hi Zoho Team, I would like to report a UI bug in the Zoho Cliq signup/enable flow. During the step where Cliq asks to enable the product for the company, the following text appears: Great! Your company is already available in Zoho, so you just have to

• Exporting tickets

  I went to Setup -> Organization -> Import/Export in order to export tickets but found 2 issues: 1. The email body never gets exported. 2. There are some large numbers (like 5.57E+16) under certain columns of the exported CSV file. I could not find any export options. Please can you help with this?

• Copy field information to clipboard

  I need to be able to transfer some field information in to the clipboard, so that I can then paste it in to our helpdesk system. Is there a way I could add a button to a detail report that does this?

• Issuing reconciling a bank statement

  HELP! I'm trying to reconcile a bank statement. The prior month reconciled perfectly. Beginning balance is correct yet I'm off by the same amount each time. Both myself and my office manager, separately and together, have tried to complete this reconciliation

• Detect and ignore bots in visitors

  The SalesIQ visitor numbers are basically useless to us because there is no bot detection. We get the same bots coming in from the same countries looking at the same pages every day. It can't be that difficult to tell the difference between an actual

• Add Real-Time Microphone Audio-Level Indicator During Screen Recording

  Hi Zoho WorkDrive Team, Hope you are doing well. We would like to request an important enhancement to the Zoho WorkDrive screen-recording experience. Current Limitation: During a recording session, there is no visual indication that the microphone is

• Zero Personalization of the File Sharing Experience

  By now (2025) this is the maximum level of personalization available for a Zoho sharing link. We gently asked Zoho if we could modify at least the background, and they replied that it cannot be customized. We're truly disappointed – and surprised every

• Request for Solution to Reverse $500,000+ FY2024 Inventory/COGS Discrepancy in Zoho

  Dear Zoho Support Team, I hope you are doing well. We are contacting you regarding a significant discrepancy in our financial data within Zoho Books/Inventory, and we urgently need your guidance on how to correct and reverse these issues. After reviewing

• Two factor authentication for helpdesk users

  The company i work for wants use the helpdesk site in Zoho desk, as a place for their distribution partners to ask question and look for information about our product. The things there is suppose to go up there is somewhat confidential between my company

• Kiosk can't merge picklist or multiselect

  There is no ability to load a multiselect or picklikst field into a kiosk with the values that have been previously selected. So, I essentially have 3 unacceptable options: 1.)Load the value into a text string and include instructions like this: "Picklist

• AGE field from DATE OF BIRTH Field.

  HI! I have a field called date of birth in my CRM (LEADS, CONTACT etc…)     How can I know the AGE today   I would like to create a field AGE. I now how to create a field but I don´t which calculation (CUSTOM FUCTION) to make ¿ANY HELP?

• How to update/remove file in zoho creator widgets using javascript API

  Hi Team, I have developed a widget which allows inserting and updating records I have file upload field with multiple file upload. Now while doing insert form record, I am using uploadFile API to upload files for that record. I am using updateRecord API

• Announcing new features in Trident for Windows (v.1.34.4.0)

  Hello Community! Trident for Windows just got better! With this update we have features that make your daily work easier and more efficient. We've added some features that are exclusive to our app and we're sure you'll find them useful. Let’s dive into

• Report Hover Setting

  Would be great if we will able to show information to the user while hovering a record in a report.

• Vertical images displayed as horizontal

  Some pictures that originally are in vertical position are displayed in horizontal after the upload. It seems that system rotates them by 90 degrees. How can I fix this issue?

• Plug Samples #12: Verify Customer Mobile Numbers with OTP to Avoid Spam Entries

  Hi Everyone! Verifying customer information is critical in business to filter out junk data and spammers. Whether it’s lead generation, appointment booking, or any other operation, ensuring quality data is essential for driving meaningful outcomes. A

• Zoho Desk iOS app update: Saved filters and sort options

  Hello everyone! Saved filters created on the web(desk.zoho.com) for tickets are now accessible on the Zoho Desk iOS app. You can easily rename, delete, or clear filters on the go. We have also introduced Sort options on the ticket listing screen, allowing

• Big Things Just Dropped in the SalesIQ Universe: Top Upgrades You’ll Love in Nova’25

  Nova'25 has landed, and it’s packed with meaningful upgrades to help you engage smarter, work faster, and scale with ease. Whether you're into proactive messaging, smarter automation, or better admin control, there's something here for everyone. Here's

• Time Entries in Analytics

  I am trying to import a zoho sheet into zoho analytics. In my sheets one of the columns has "time Entries" in this "format HH:MM am/pm" example 11:00 PM. After import, i noticed that analytics converted the time to "00 Jan 1900 23:00:00".. how do i maintain

• Amazon invoice in Zoho Books

  I have just made my first few sales on Amazon India. Amazon Seller account generates invoices for the sales made on Amazon. These invoices are sent to customers also. Now when I was only making offline sales, I used to create Invoices in Zoho Book. Now

• Zoho Creator Upcoming Updates - November 2025

  Hello everyone, Welcome to your monthly roundup of new features and enhancements! We hope you've already taken a look at Release Projection 2—it details the features coming your way for the rest of the year. And this month, we're excited to start rolling

• Zoho Webinar + HubSpot : Simplifiez la gestion de vos données de webinaires

  Les webinaires sont aujourd’hui essentiels pour interagir avec vos prospects et vos clients. Cependant, la gestion des données entre plusieurs plateformes peut vite devenir complexe. Grâce à la nouvelle intégration entre Zoho Webinar et HubSpot, vos outils

• I am trying to give access to one of our educators access to 3 forms in Zoho and she is not able to view the data - Access issue

  Hi Team, When I try to provide read access to one of our educators on Zoho for Pre-training , post training and Impact survey forms submit form access which also allows them to read , it does not show them data

• How to book GST paid in zoho books

  hi, i am a new user to Zoho books and not able to book GST paid in books, kindly suggest how i can book it in books. thanks, siddharth

• PUNJAB NATIONAL BANK (CORPORATE) INDIA - NOT AVAILABLE IN BANKING

  Dear sir, Kindly fix it. PUNJAB NATIONAL BANK (INDIA) is available but PUNJAB NATIONAL BANK (CORPORATE) is not available. Kindly enable this banking since we need to categorize the entries. Regards, Sanjay Jena email id/ user id : travewithmerchant@

• Unable to Delete Items – No Visible Transactions but Error “Items which are a part of other transactions cannot be deleted…”

  Hello Community, We are using Zoho Inventory for our business and encountered a persistent issue that is preventing us from deleting certain items. The message shown is: “Items which are a part of other transactions cannot be deleted. Instead, mark them

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Your bot just got smarter: AI-Powered routing that reads between the lines

  What if your bot could tell the difference? Between a visitor who just needs a quick answer, someone actively comparing options, and a frustrated customer one click away from leaving? Most bots can't. They deliver the same response to everyone, missing

• Weekly Tips : Master Keyboard Shortcuts in Zoho Mail

  If you spend a lot of time managing emails, switching between your mouse and keyboard can slow you down. Whether you are replying to clients, organizing your inbox, or searching for messages, every second counts. So, how can you streamline your email

• Introducing custom lookup fields in the Tickets, Contacts, and Accounts modules

  Hello all, We are excited to announce a new enhancement that will empower you to further customize the Tickets, Contacts, and Accounts modules. Now, you will be able to create custom lookup fields in your Tickets, Contacts, and Accounts layouts for more

• Next Page