Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

I've discovered a bug in how Zoho's API Console handles the OAuth 2.0 authorization flow when the state parameter contains pipe characters (|), and I'm hoping the Zoho team can address this in a future update.
The Issue
Zoho's OAuth 2.0 implementation for server-based client applications uses the standard authorization endpoint:
https://accounts.zoho.com/oauth/v2/auth?response_type=code
&client_id=<client_id>
&scope=<scope>
&redirect_uri=<redirect_uri>
&access_type=offline
&state=<state_value>
While Zoho's documentation does not explicitly list the state parameter, it is a standard part of the OAuth 2.0 specification (RFC 6749 Section 4.1.1) and is widely used for CSRF protection and maintaining application state through the authorization flow.
However, when the state parameter contains pipe characters (|), Zoho's authorization server fails to process the request correctly, preventing users from authorizing the connection. This occurs whether the pipe characters are URL-encoded (%7C) or left unencoded.
The Problem
The pipe character is a standard delimiter in multi-part state values, particularly when passing a combination of a CSRF token and a return URL. This behavior—failing on both encoded and unencoded pipe characters—is often indicative of overly restrictive input validation or a "leaky" WAF/Proxy layer that decodes parameters before the application logic can handle them.
State Value              As Sent in URL                                        Result
abc123xyz                state=abc123xyz                                       ✓ Works correctly
session_12345            state=session_12345                                   ✓ Works correctly
user|action|timestamp    state=user|action|timestamp (unencoded pipes)         ✗ Authorization fails
user|action|timestamp    state=user%7Caction%7Ctimestamp (URL-encoded pipes)   ✗ Authorization fails
user:action:timestamp    state=user%3Aaction%3Atimestamp                       ? Not tested
Note: Pipe characters cause failures whether URL-encoded or not. Other special characters/delimiters have not been tested and may or may not exhibit similar issues.
RFC 6749 Compliance Issue
Section 4.1.1 - Authorization Request:
"state: RECOMMENDED. An opaque value used by the client to maintain state between the request and callback."
Section 4.1.2 - Authorization Response:
"state: REQUIRED if the 'state' parameter was present in the client authorization request. The exact value received from the client."
The RFC explicitly defines the state parameter as an opaque value. This means:
  • The Authorization Server should not be looking "inside" or parsing the string at all
  • The state value must pass through the authorization process unchanged
  • Any URL-encoded characters should be handled transparently
  • The exact value received must be returned to the client in the redirect
Key Point: By definition, an "opaque" parameter means the authorization server must treat it as a data blob—accepting it, storing it, and returning it without any interpretation or transformation.
Current Behavior vs Expected Behavior
Current Behavior:
1. Client sends: state=user|action|123 (or state=user%7Caction%7C123)
2. Zoho fails to parse the state parameter
3. Authorization server returns HTTP 400 Bad Request
4. User cannot authorize the connection

Expected Behavior (Per RFC 6749):
1. Client sends: state=user|action|123
2. Zoho treats state as an opaque data blob
3. User authorizes the connection
4. Redirect includes the exact value received: state=user|action|123 (or consistently encoded as sent)
The Current Workaround (Suboptimal)
Important: The workarounds below only apply if you have control over the client application generating the OAuth request. If you're integrating with a third-party application that sets the state parameter (e.g., integration platforms, SaaS tools, enterprise software), you have no ability to modify the state value and therefore no workaround is available. You are completely blocked from completing the OAuth flow.
For developers who do control the client application, you must avoid pipe characters entirely:
// Instead of using pipes as delimiters:
const csrfToken = "abc123";        // CSRF token bound to the user's session
const userId = "42";
const redirectPath = "/dashboard";

let state = csrfToken + "|" + userId + "|" + redirectPath;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrfToken + "_SEP_" + userId + "_SEP_" + redirectPath;
// or: encode the structured value as base64url (no '+', '/' or '=' left to URL-encode)
state = Buffer.from(JSON.stringify({ csrf: csrfToken, user: userId, path: redirectPath })).toString("base64url");
// or
state = csrfToken; // Store other data server-side keyed by CSRF token
Problems with these workarounds:
  • Requires refactoring existing codebases that use pipe delimiters
  • Base64 encoding increases state parameter length significantly, risking URL length limits (particularly in older browsers and some enterprise proxies which enforce ~2000 character limits)
  • Server-side storage approach adds complexity, database overhead, and potential race conditions
  • Inconsistent with how the same code works with other OAuth providers (Google, Microsoft, etc.)
  • Developers may not discover this issue until production deployment
  • Custom delimiters (like _SEP_) are non-standard and may conflict with actual data values
What Should Happen Instead
Proposed Solution:
Zoho's authorization server should properly handle URL-encoded pipe characters (%7C) in the state parameter, as required by RFC 6749. The state value must be treated as an opaque data blob.
Technical Requirement: Treat state as a Data Blob
1. Input: Accept %7C (and other encoded characters) as valid parts of the query string without triggering validation errors or WAF rules
2. Persistence: Store the string exactly as received during the user's login/consent session—do not decode, parse, or transform
3. Output: Append the exact string back to the redirect_uri without additional transformations that might strip or corrupt the delimiters
This approach:
  • Complies with RFC 6749's requirement to return "the exact value received"
  • Follows the same behavior as other major OAuth providers
  • Requires no changes from client applications
  • Unblocks third-party integrations that cannot modify their state format
Real-World Impact
This limitation affects any integration where:
  • Third-party applications set the state parameter and cannot be modified (integration platforms, SaaS connectors, enterprise software)
  • Multi-tenant applications need to encode tenant ID and return URL in state
  • CSRF protection implementations combine security tokens with application state
  • Single Sign-On flows need to preserve original request context
  • Migration projects from other OAuth providers that used pipe delimiters

Critical Blocker: When the state parameter originates from a third-party system outside your control, there is no workaround available. The integration is completely impossible until this is fixed.

Security Note: The state parameter is critical for CSRF protection in OAuth flows. Forcing developers to change their state encoding approach may inadvertently introduce security vulnerabilities if not handled carefully.

Request to Zoho Team

Can this be addressed in a future update?

This is a standards compliance issue that impacts developers integrating with Zoho's API. For those who control their client application, the current implementation forces unnecessary workarounds. For those integrating third-party applications, the situation is worse:

1. Custom development: Refactor code to avoid pipe characters, creating Zoho-specific OAuth handling
2. Third-party integrations: No workaround possible; integration is completely blocked

Users should not be blocked from integrating with Zoho due to non-standard OAuth implementation.

Community Input Requested: Has anyone else encountered this issue? Are there other special characters that cause similar problems with Zoho's OAuth implementation?
