Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• Initiate approval workflow after "on edit --> on success"

  Dear Community,  currently I am working on a initiative tracker which should handle approval workflows based on different initiative status. As far as I understand, an approval workflow can be triggered (only?) when data is entered for the input form to the database.  Example: A new initiative is created and submitted. --> Approval Workflow triggered Here comes my question: Is it also possible to trigger an approval workflow if the form was "simply" updated? (on edit --> on success) Imagine the initiative

• Tax Deductible Donations to a Charity Organisation

  For Australia, what's the best/proper method for entering an expense that is a tax deductible donation to a charitable organisation. And thus is appears correctly in Accounts and BAS as a GST payable deduction?

• Simultaneous use of WhatsApp Account in SalesIQ and ZohoDesk

  Hi, We have only one number registered in Meta, it's possible use same account for two apps? All times here we try is stopping in SalesIQ. Regards,

• External lookup fields to synchronise with Analytics

  Hello. I suggest adding external lookup custom fields to the Zoho Analytics integration settings. Currently, these types of fields are not available for synchronisation, so they cannot be used to generate reports with related tables in Analytics. Thank

• We should have an option to Toggle Off KB Article Links in AI Answer Bot Replies

  Hi everyone, I'm creating this topic to share a feature idea that I think would improve the customer experience when using the AI Answer Bot for self-service. The Current Behavior (The Problem) Currently, when the AI Answer Bot generates a summary or

• Boot Loop After Removing Service from Client via Admin

  We have multiple laptops experiencing a boot loop / unable to login after the Zoho Remote service was removed from their machine remotely via the desktop client. The Windows sign-in screen is not available, and users are unable to login. This seems like

• Request Backend Correction — Domains Mapped to Same Help Center (Multi-Brand Setup Failure)

  Hello Zoho Desk Support Team, I need assistance correcting a domain-to-brand mapping issue in our Zoho Desk instance (The Blue Ribbon Project). Both of our verified domains currently point to the same Help Center instead of separate brand portals. Current

• is there any option to enable the participants interact - can write on the screen, while the screen is shared by the host?

  this is most expected features - for teaching children. is there any option to enable the participants interact - can write on the screen, while the screen is shared by the host?

• How to disable the Login button in Desk Helpcenter

  Hey there, I'm testing out whether the help center within Zoho Desk could replace our existing Customer FAQ. I tried to customize the themes for the public help center frontend, but stumbled across the login button in the navigation bar. Is there any

• Full Text Customization & Translation in SalesIQ Chat Widget Settings

  Dear Zoho SalesIQ Team, Greetings, We would like to request an important enhancement to the chat widget customization options in Zoho SalesIQ. Current Limitation: At the moment, only some of the text shown in the chat widget is editable or translatable

• Best way to display complex Bookings Consultation Descriptions on Zoho Site?

  I am a new user so apologies if this has been asked before. I couldn't find any answers in the forum. We offer 18 complex Consultations to our subscribers. Our current platform lets me put detail on these Consultations thoroughly (200-300 words) during

• Gmail is ramping up its email sender policy as of November 2025

  Hello marketers, As you may be aware, Gmail introduced a guideline for bulk senders starting February 2024. If not, here's a quick refresher straight from Google: After this policy was announced first in 2023 and soft-implemented in February 2024, we

• Modifying iframe data of Zoho booking iframe

  Hello, I have integrated a Zoho Bookings embedded iframe into my website. Currently, I am pre-filling the booking form with default values as part of our process flow. However, I want to ensure that if an input field is already populated with a default

• Zoho CRM Workflow and Function Backup Options

  Hi everyone! I have been able to make several backups of my CRM data and noticed that the Workflows and Functions are not included in these backups. To my knowledge, there is no backup feature for workflows and functions, which is problematic in of itself.

• Is or will be possible to associate meeting transcription and summary, made by Zia, to meeting/contact/account record in CRM?

  Would be useful to keep context and track jobs, better if it will be auto

• Desk Field Not Showing in Analytics

  Hi there, I recently added a field to our Zoho Desk Ticket Information. I went and added the data retrospectively to the tickets. It is also marked as required, so all new tickets cannot be closed off without it being filled in. When I try to run a report

• Export data using advanced export options and customizable settings

  Hello everyone, The user interface for exporting data has been revamped with updates to make data exports more flexible and efficient for users. These updates not only enhance usability but also bring advanced capabilities to help users extract precise

• Moving data from one pipeline to another

  Hey all, I've got some complex pipelines to build and I'd like to seperate them into seperate pipelines rather than have one mammoth one. If I create 2 pipelines, is there any easy way to use the output of Pipeline1 to be the input into Pipeline2? Or

• How to export/find all deluge code.

  Hi, I have a large app wich contains several forms, reports, html views, I need to find thow my application if any contains specific word, I could find it manually by editing app and see on every section(field code, on succes, on load, etc) but I would like to do it faster. Is there a way to at least export it to a file the whole deluge code on my application?

• Have Some Bugs in Zoho CRM Ask Zia Assistant

  Hi Support Team, I have found some bugs in Zoho CRM Ask Zia Feature Please Check below screenshot, insight option is showing twice i think its in early access that's why its have some bugs .

• COD with Partial payment

  Two reasons why we need COD with partial payment option. 1) Since we deal heavy weight products our shipping costs are too high. If shipment is rejected by customer we incur huge loss. 2) Some competitors place fake orders with different names and return

• Slicers are now available in Zoho Sheet—filter your data interactively

  At Zoho Sheet, we diligently track user requests and feedback. In line with this, based on extensive user requests, we've integrated Slicers to pivot tables and are delighted to announce its release. Slicers are interactive visual filters that have add,

• Resizing a Record Template Background Inage

  Hi everyone, I have an issue which I can't seem to resolve: Basically, I'm designing a record template in certificate form. I've specified A5 landscape. I've set my background image the same dimensions with total pixels at 443,520. Whatever I try, when

• Introducing Data Bars: Graphically represent changes in data within the cells

  Conditional formatting has helped millions of spreadsheet users analyze and highlight their data more efficiently. In addition to the classic rules, color scales, and icon sets available in Zoho Sheet, you can now apply Data Bars, a convenient method

• Default Font Size in Desk

  How do I set my default font size in Desk? It takes me about 45 minutes to find the place to set it, then, when I sign out of Zoho and log back in, it's back to font 10 again. Seems like this would be simple, but like everything with Zoho, it's buried

• Tip #19 - Create checkbox tracker in your spreadsheet

  Hello Sheet users! We are here with yet another tip to help you get the most out of Zoho Sheet. Spreadsheets can be used to handle a variety of tasks, but ever tried using checkboxes to track the progress of your action items dynamically? Here's a sample

• Tip #20 - Three things you probably didn't know you can do with picklists

  Hello Zoho Sheet users! We’re back with another quick tip to help you make your spreadsheets smarter. Picklists are a great tool to maintain consistency in your spreadsheet. Manually entering data is time-consuming and often leaves typos and irregular

• Per Level Approval for admins

  We need Process admins like Zoho CRM in Zoho Books for per stage approval Currently in books, admins only have the option for Final Approval But for example, in cases like when an employee is on leave, we can't just approval one level we only have option

• Feature enhancement: Highlight rows based on a cell value

  Hello Sheet users, We're excited to announce a new feature enhacement, shaped directly by your valuable feedback! As you might know, conditional formatting is a great tool for anyone dealing with large data sets. Previously, if you’ve ever wanted to draw

• Updating custom fields in Zoho Projects

  Hi I am wondering if anyone has experience with custom fields in Zoho Projects. I am struggling to update the field using either deluge or the api endpoint. My code is: //custom_Map = map(); custom_Map = {"UDF_DOUBLE_1":"0.27"}; update_Map = map(); update_Map.put("custom_fields",custom_Map.toList());

• Markdown for Desk?

  Hi, my company wants to use markdown for formatting text in Desk (in all modules there, especially Tickets and Helpcenter). Zoho already offers use of markdown in several products (see https://help.zoho.com/portal/en/kb/backstage/microsite-guide/formatting-with-markdown/articles/formatting-with-markdo)

• Change Currency symbol

  I would like to change the way our currency displays when printed on quotes, invoices and purchase orders. Currently, we have Australian Dollars AUD as our Home Currency. The only two symbol choices available for this currency are "AU $" or "AUD". I would

• Calendar not working

  Are we the only ones. On any browser we cannot click on any of our calendar appointments and get them to open. They just make the browser loop. WE have reached out and have been told they are working on it. The office staff are really stuck. The point

• WhatsApp Message Template Quick Reply Buttons

  Hello, I created my first Message Template to overcome the 24-hr messaging window and it was approved by WhatsApp/Meta. When I go to Meta, I also see that template brought from Zoho Desk, and used it via Zoho Desk IM. However, I notice that when in Meta's

• Account in Quick View Filter

  I have a report that I often run against a specific Account. Every time, I have to go into the edit menu and change the Advanced Filter. I would prefer to use the Quick View Filter, but it does not allow me to use the one and only field that makes any

• Set Display for Numbers/Currency/etc with Client Script/Customization in Canvas List Page

  Is it possible to set a display mask for a number/currency field using Client Script or customization? I have custom fields that I would like to keep the decimal places for calculation purposes, but do not need them displayed to the user. So 101.3568

• 136.143.188.51 blocked by spamcop

  Zoho mailserver seems to be blocked by spamcop. Cant send mail to my customer. Not sure what to do.

• 🚀 WorkDrive 5.0: Evolving from a file sharing app to an intelligent content management platform: Phase 2

  Hello everyone, WorkDrive's primary focus has always been to provide an intelligent and secure content management platform, simplify collaboration, and be the central repository of files for all Zoho apps. In our previous announcement, we unveiled the

• i keep see there is a connetion issue connecting 3rd party api on zoho when using zia

  hi there , i have set up open ai api to zoho zia (copied and pasted to zoho zia) but I keep getting notificaiton "there is a connetion issue connecting 3rd party api on zoho" when using zia on top when click zia and try to type in word there

• Deleting Fields in CRM Deletes Views in Analytics

  Hey friends! I'm having some issues when we modify some fields within ZohoCRM. There are times where we need to sunset a field and eventually completely remove it. In these instances, it seems like a lot of views are removed in Analytics. This ranges

• Next Page