Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Installing EMAIL Setup in New Domain

  Respected Support team, I'm facing an issue with cloudflare in Pakistan, I want to setup Zoho Mail Setup but I Don't know how to enable Zoho mail setup without cloudflare. My Website https://stumbleguyzzapk.com/, https://fakservices.com/ is using CF,

• Enhancements to Zoho Meeting Annotator

  Hello Zoho Meeting Team, Hope you are doing well. We would like to share a few improvement suggestions regarding the Zoho Meeting Annotator used during screen sharing. While the current version provides helpful annotation tools, there are several limitations

• Zoho Social/Marketing Plus - Addition to "Monitor" function

  It would be very helpful if the Monitor function would allow us to add a column to monitor hashtags in addition to pages and mentions. This is a common and very valuable function in other social listening tools.

• Zoho forms - > Zoho desk multiple agents

  Hi! I would like to use a standard form to be used when we hiring people, so we looked at zoho forms for that. Now we would like to get that info in to Zoho desk and their different users shall take care of this ticket simultaneous . So, what would be

• Almacenamiento

  Hola, Quisiera saber como podría hacer para bajar el almacenamiento de 5gb a mis usuarios, en otras palabras los quiero ir limitando de la cuota real, y luego ir agregando poco a poco la cantidad hasta llegar a los 5gb que me dan en el plan free. 

• Will I Get a Refund If I Downgrade Zoho Mail?

  Hello, We upgraded an email account for our new employee. However, the employee left after one month, and now I've reduced the number of Zoho Mail users from 7 to 6. Can we get a refund for the remaining portion of our annual payment?

• Introducing the revamped What's New page

  Hello everyone! We're happy to announce that Zoho Campaigns' What's New page has undergone a complete revamp. We've bid the old page adieu after a long time and have introduced a new, sleeker-looking page. Without further ado, let's dive into the main

• How do i follow up my email campaign in-thread

  Is there a way to follow up the email campaign so that it is in-thread using zoho campaigns? eg customer gets original email with subject line "hello" then 5 days later follow up would be with subject line "RE: hello".

• Announcing new features in Trident for Mac (1.29.0)

  Hello everyone! Trident for macOS (v1.29.0) is here with new features and enhancements to enhance your business communication. Let's take a quick look at them. Access shared mailboxes. You can now view and access shared mailboxes in Trident, which are

• Books is extremely slow again today !

  Everything is running slowly even with 500mb connection speed

• Cyclic dependencies in many-to-many relationships...

  I have an application which includes a form for companies, and a form for contacts. Each company can be assigned 1 technical and 1 administrative contact. I have this working okay so far, but I want to copy the scripts used so far to a new empty application. When I import the scripts it fails with a message that says: Problem encountered while creating the application Error in resolving form dependency:Cyclic dependency among the forms:[Company, Contact] What can I do to resolve this? After all,

• Zoho API to create ticket

  I'm developing an integration to create tickets via API, but, locally it works (send and recieve requests). In production it also works sending requests, but, my file don't recieve any response data. My URL is available in Zoho API Console and I have

• Automate Timesheet Approvals with Multi-level Approval Rules

  Introducing Approval Rules for Timesheets in Zoho Projects. With this automation, teams can manage how timesheets are reviewed and approved by setting up rules with criteria and assigning approvers to handle submissions. Timesheet, when associated to

• Labels Part 2

   Hey Zoho Mail Team, On the labels window on the left-hand pane, alphabetize label name display, rather than displaying in order created.  This one should be easy. Thanks, Drew

• Building Toppings #1 - Serving your needs with Bigin Toppings

  Hey Biginners! We're excited to kick off our Developer Community series on building toppings for Bigin, and our goal is to provide an accessible, beginner-friendly, and relevant path for every developer. Imagine creating tiny pieces of software that unlock

• Can we create Sprint with tasks from Multiple projects?

  Hi Team, We were using Zoho Sprints for quite sometime. Currently we have started the process of Sprint method. We couldnt create the active sprint board with the tasks from multiple projects. I would like to know whether this is possible or Any timeline

• Tip of the Week #74– Create automated workflows in MS Power Automate

  Zoho TeamInbox now connects directly with Microsoft Power Automate, letting you streamline everyday routines tasks such as from sending emails to managing threads, with automated workflows. About the integration Zoho TeamInbox integrates with Microsoft

• Account validation

  Hello everyone, I registered my account on ZeptoMail to use the system, but the problem is that the verification period on Zepto's end has already passed and I have limited functionality.

• Paste issues in ZOHO crm notes

  Hi, since a week or so I have issues with the paste function in ZOHO CRM. I use "notes" to copy paste texts from Outlook emails and since a week or so, the pasting doesnt function as it should: some text just disappears and it gives a lot of empty lines/enters.....

• Is it possible to add a gradient color to a newsletter im designing?

  From where i sit it looks like you can only choose a single color but not combine 2 colors?

• Account disabled

  I have an issue I need help with. Whilst trialing ZOHO CRM I created the following: Account1 (-------------) using m__ame@m__rg___s__i__.___.__ and 2 personal emails Account2 (-------------) using a personal email and 2 users _al__1@______________._o_.__

• Blocked Email

  We are a Zoho One subscriber and use Yahoo as our MX provider. A few times each year, for the past four years, CRM blocks one or more of my Zoho One users from receiving internal email from CRM. This includes "@mentions" in all modules, and emails from

• message var is empty in bot mention handler

  Hi, I'm encountering a problem: in my bot's mention handler, I want to retrieve the text the user typed when mentioning the bot. Example: On the #tests-cyril channel, I send this message: “@Donna hello how are you ?” I expect the system variable "message"

• Remembrance Day to Remember – Recalling Values

  The phrase “at the eleventh hour” refers to the 11th hour of the 11th day of the 11th month in 1918, when the hostilities of World War I came to an end—but it still holds meaning today. Remembrance Day (Veterans Day in the US) is observed on November

• How to display two measures (sales and price) divided by categories on one line chart

  Hi everyone, I’m having trouble figuring out how to display two columns on a line chart with category breakdowns. What I need is a line chart where one line represents Sales and the other represents Price. However, the Price data is divided into around

• Create custom rollup summary fields in Zoho CRM

  Hello everyone, In Zoho CRM, rollup summary fields have been essential tools for summarizing data across related records and enabling users to gain quick insights without having to jump across modules. Previously, only predefined summary functions were

• Introducing the locking option for CRM records

  Last modified on 06/04/2023: Record locking option in CRM is now available for all Zoho CRM users in all DCs. Note that it was an early access feature available only upon request. Hello All, Hope you're doing well! We're thrilled to introduce our latest

• Two new enhancements in Zoho CRM: Introducing new criteria for user fields and displaying group information in users page

  Announcement moderated on 14th June, 2023. Dear All, These enhancements are opened for all users in all DCs. ------------------------------------------------------------------------------------- Dear All, Hope you're well! We are here with two useful

• Tip #49- Navigating the Remote Support Dashboard in Zoho Assist- 'Insider Insights'

  The Remote Support dashboard in Zoho Assist is designed to help technicians quickly access, manage, and monitor all their support sessions from a single, intuitive interface. Whether you’re starting a new session, managing ongoing connections, or reviewing

• BMI formula

  I've been trying for hours to calculate BMI using height and weight as my only inputs. It's a simple calculation and I even went to ChatGPT to help me figure this out in Zoho Forms, but it led me down a path of "try this" and "try this". None of my attempts

• SEO on blogs

  Hello, google is not able to find my blogs. Can you advice me if I need to change some settings or anything else to make it retrievable via SEO many thanks, hans

• Duplicated Notebooks

  Out of the blue, almost all of my notebooks got duplicated and the different copies contain different information. Some seem like older copies than the others. I use the linux desktop app and sometimes the Android app. I assume that the sync failed at some point and was unable to merge the two versions together. But I'm afraid to add anything else to my notebook because if it can't properly sync 5 notebooks with only a handful of notes each, what will happen when I have hundreds of notes and I lose

• Mind mapping in Zoho Projects

  Good morning,   I would like to congratulate the Zoho team for building such an inovative and responsive application that fits in the daily challenges of so many work groups. I would like suggest you another functionality that helps a lot in project planning and development: mind mapping. Mind mapping would be of great help for brianstorming, knowledge management and other needs in online collaboration.   Thanks and wish you all the best! George Maha Empresa Júnior Multidisciplinar do Instituto de

• Retainer invoice in Zoho Finance modlue

  Hello, Is there a way of creating retainer invoices in the Zoho Finance module? If not can I request this is considered for future updates please.

• Documents don't sync properly

  Hello, My team recently moved to Zoho workDrive, some of my team, work remotely so we believed Zoho would be the best way to share and edit files as well as access files withing the team. However we are experiencing sync issues, when a file is uploaded in the file explorer and shows sync complete, same file can be seen on the Zoho web app but other team members can't see the said file because it is not syncing properly. i figured out that if i were to go to preferences in settings and resync the

• We are looking for an experienced Zoho Developer

  Hi Everyone! We’re on the lookout for a skilled Zoho Developer with hands-on experience in the Zoho Developer Platform (The Vertical CRM Platform) and if you don't know what that is, then you are not the person we are looking for. You would also need

• Initiate approval workflow after "on edit --> on success"

  Dear Community,  currently I am working on a initiative tracker which should handle approval workflows based on different initiative status. As far as I understand, an approval workflow can be triggered (only?) when data is entered for the input form to the database.  Example: A new initiative is created and submitted. --> Approval Workflow triggered Here comes my question: Is it also possible to trigger an approval workflow if the form was "simply" updated? (on edit --> on success) Imagine the initiative

• Tax Deductible Donations to a Charity Organisation

  For Australia, what's the best/proper method for entering an expense that is a tax deductible donation to a charitable organisation. And thus is appears correctly in Accounts and BAS as a GST payable deduction?

• Simultaneous use of WhatsApp Account in SalesIQ and ZohoDesk

  Hi, We have only one number registered in Meta, it's possible use same account for two apps? All times here we try is stopping in SalesIQ. Regards,

• External lookup fields to synchronise with Analytics

  Hello. I suggest adding external lookup custom fields to the Zoho Analytics integration settings. Currently, these types of fields are not available for synchronisation, so they cannot be used to generate reports with related tables in Analytics. Thank

• Next Page