Bug: OAuth 2.0 State Parameter fails with Pipe Delimiters (RFC 6749 Non-Compliance)

https://accounts.zoho.com/oauth/v2/auth?response_type=code
    &client_id=<client_id>
    &scope=<scope>
    &redirect_uri=<redirect_uri>
    &access_type=offline
    &state=<state_value>

// Instead of using pipes as delimiters:
state = csrf_token + "|" + user_id + "|" + redirect_path;
// ❌ This breaks Zoho's authorization flow

// Developers must use alternative approaches:
state = csrf_token + "_SEP_" + user_id + "_SEP_" + redirect_path;
// or
state = base64_encode(json_encode({"csrf": token, "user": id, "path": path}));
// or
state = csrf_token; // Store other data server-side keyed by CSRF token

• Topic Participants

• Damien Cregan

  

• Affan Mohammed

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• What's new in Zoho Social - Q1 recap

  Hello everyone, We’ve rolled out a bunch of updates in Q1, and we’re excited to walk you through them. To help you explore these features in detail, we’re hosting a Q1 recap webinar where we’ll show you how to make the most of each update. Q1 recap webinar

• Payment Card or Identity form-fill from Vault?

  Hello! I'm working on replacing Bitwarden with Vault and one issue I've run into is that I can't find any option to fill address and payment forms from Payment Card or Identity info that has been saved in Vault. Is there a way to do this? Is it a planned

• Merging Photos from Subforms into Writer

  I've got a subform that contains uploadable photos. Im trying to merge them into a template but there is no option to pull them in. Is this possible? We are creating an inspection module where we can take photos and make notes and export to a report.

• Add Unified Project-Wide Development & Release GitHub Dashboard

  Hi Zoho Projects Team, I am writing to submit a feature request for a Unified Development & Release GitHub Dashboard that provides centralized GitHub visibility at both the Project and Milestone levels. The Vision: We need a single "Command Center" that

• RouteIQ user Licensefor Non–Zoho One User

  Zoho RouteIQ needs to be purchased for Zoho CRM. The current setup uses the Zoho One plan, but RouteIQ is required for a different user who is not part of Zoho One. However, they need access to routes and customer details within RouteIQ for planning their

• Able to change project on timelog entries

  Ability to move the timesheet entry from one project to another. When a user adds a wrong entry a manager can change/update the timesheet entry to the correct project.

• Private Contacts & Tasks

  What is the timeframe for being able to filter Activities and Contacts from being viewed by the rest of my team? I sync with Outlook and the ability to create a task that is private would be of great help. I have to take my dog to the vet this morning and because I put it in my Outlook calendar, now my whole team is aware of it because I had no way to mark it "private" in zoho. A simple checkbox would be great! I would be more than happy to provide examples of how ACT does this. For each event or

• WhatsApp Calling Integration via Zoho Desk

  Dear Zoho Desk Team, I would like to request a feature that allows users to call WhatsApp numbers directly via Zoho Desk. This integration would enable sending and receiving calls to and from WhatsApp numbers over the internet, without the need for traditional

• Sum over

  Hi, Is there an equivalent in Zoho (Aggregated Formula) to SQL’s SUM() OVER (PARTITION BY ...)? I’m looking for a way to calculate a sum within a group (partition) without collapsing the data, so that the result is still available at the row level. Has

• Api Version 2 Refresh Token invalid_code

  While Refresh token i am always getting Error {     "error": "invalid_code" } i am trying to pass all parameter as per this https://www.zoho.com/crm/developer/docs/api/refresh.html still non of things working any one have idea whats the reason for same ... please help due to this i stuck since last one week

• Is it possible to clone my Lead module layout to Customer and Potential layouts?

  I've customized all fields and their order for Leads module and I would like to know if I'm able to clone those fields into another modules, only to avoid repeated work. Awaiting.

• Invoice date is incorrect

  I'm trying to pull a report of Sales Orders and filter by Invoice Date. (ex: all of 2025) Unfortunately, the filter still returns lots of SO's from other years including 2026 which would be impossible to have an invoice in 2025 from a 2026 order. It's

• DYK 2 - Filter Columns in List View

  Did You Know you could filter columns across lists in Zoho Projects ? This allows you to quickly narrow down large datasets without navigating to the filter panel from time to time, making it easier to focus on what matters right from where you are working.

• Sync Enable issue Between Zoho FSM and Invoice

  Hello Latha, I hope you are doing well. I am trying to enable synchronization between Zoho FSM (Org ID: 170000078905) and Zoho Invoice (Org ID: 170000079301). However, when I attempt to do so, I receive an “Internal error” message. Could you please assist

• Introducing Auto-trigger for Screening Bot

  Still manually sending screening tests after every application? Not anymore. With Auto-trigger for Screening Bot, screening now begins automatically. When a candidate applies for a job that has an attached assessment, Recruit checks whether the test has

• Canvas templates can now be shared with different CRM organizations

  Moderated on 14th February, 2023: Dear all, This feature is now open for all users in all DCs. To learn more about importing and exporting canvas templates, read our help doc -Customizing Record Detail Page Using Canvas Dear All, We hope you're well!

• Zoho Mail Android app update: UI revamp

  Hello everyone! We are excited to share that the first phase of the Zoho Mail Android UI revamp is now live. In this update, we have redesigned navigation bar at the bottom to quickly access the Email, Calendar, Contacts, and Settings modules. Also, the

• CRM x WorkDrive: We're rolling out the WorkDrive-powered file storage experience for existing users

  Release plan: Gradual rollout to customers without file storage add-ons, in this order: 1. Standalone CRM 2. CRM Plus and Zoho One DCs: All | Editions: All Available now for: - Standalone CRM accounts in Free and Standard editions without file storage

• How to add a custom hyperlinked button in ZohoCRM Canvas Builder?

  I am building custom views in ZohoCRM Canvas builder, with one view that will be used for a client Portal. Trying to add a custom button that when clicked opens a separate window to a ZohoForm. How do I do this?

• Filtering on related module

  I have a custom module (Module1) which is related to another custom module (Module 2) Module 1 can have many related records in Module 2. Module 2 has a date field. Module 1 has related list Module 2 I want to filter Module 1 to list all records where

• Multi-Select Field Option Limit Inquiry

  Hello FSM Team, We would like to inquire about the limitation of the Multi-Select field in Zoho FSM. Currently, the system allows a maximum of 10 selectable options, and we encountered the message: “Option count more than allowed count of 10.” Issue:

• Disable Zoho Contacts

  We don't want to use this app... How can we disable it?

• Records Per Page

  Can we get max number of records per page increased from 100 to 250 and 500 please? Or alternatively allow us to use the Zoho Sheet View for all records and not just the max 100 showing on the page? thanks.

• Zoho Forms sheet prefil

  I've been using zoho sheet prefill for a week and it was working perfectly, as soon as i deleted the particular sheet and replaced it with another one no matter what I do it cant find the record and i get this message. Could you please assist me to resolve

• Check out in Meetings

  Why there is no check out in Meetings of Zoho CRM, very difficult to track

• CRM to Desk Contact Sync Issues?

  Hello, I noticed none of the contact changes in CRM are being transferred over to Desk. Anyone else experiencing this? I checked the sync history in desk and it confirms it - it doesn't show "X Contacts Synced" like it normally does.

• Microsoft Teams integration in Zoho Apptics

  Good app monitoring is not just about collecting data. It is about making sure important updates reach the team in time to act on them. When an app crashes or a user shares feedback from within the app, teams should be able to see it promptly without

• Marketing Tip #28: Increase buyer confidence with visible social media links

  Your social media pages are often where customers go to “double-check” your brand before buying. When visitors can easily find your Instagram, Facebook, YouTube, or LinkedIn from your store, it builds trust and makes your business feel more real and active.

• [Webinar] Solving business challenges: One tool for documents, forms, PDFs, e-signatures, and more

  Hi Zoho Writer users, Most businesses rely on multiple tools, such as a word processor, form builder, e-signature provider, and PDF editor, for their document workflows. Managing multiple subscriptions, switching between tools, and moving data across

• Customer Message Edit/Delete Function & Backend Visibility Inquiry

  目前客服已发送的对话支持编辑和删除功能，请问在 Zoho 系统后台，是否可以查看客服具体发送了什么内容，以及删除或修改了哪些信息？如果无法查看，这个功能是否可以通过设置关闭客服的编辑和删除权限？如可以，请告知具体设置路径。 Currently, customer service agents are able to edit and delete messages after sending them. In the Zoho system backend, is it possible to view

• Google Drive API 403 PERMISSION_DENIED from Deluge custom function - OAuth connection not recognised

  Hi all, I've built a custom Deluge function to route Zoho CRM Account attachments into specific Google Drive subfolders based on filename prefix. The CRM API steps all work correctly, however our first Google Drive API call (listing subfolders via drive/v3/files)

• Supercharge Your Zoho Billing Workflows with AI Using Zoho MCP

  What is MCP and how does it connect to Zoho Billing? If you've ever wished you could just tell your billing software what to do without clicking through menus, running reports manually, or switching tabs every five minutes, that's exactly what the Zoho

• Automation Series: Notify Admin When User Accepts an Invitation

  In Zoho Projects, a portal is an organisational-level workspace where user can manage multiple projects. To join a portal, a user will have to accept the portal invitation. However, it is important for admins to be in the loop when a user accepts the

• Knowledgebase SEO

  We have a custom-domain mapped help center that is not restricted via login. I have some questions: a) will a robots.txt file still allow us to control indexing? b) do we have the ability to edit the sitemap? c) do category URLs get indexed by search

• Mail Merge preview won't load

  Hello! One of our users has not been able to use mail merge templates in CRM as the preview screen does not load. We have many templates for one of our custom modules and the users are used to this feature and have been using it for years without any

• mask Customer phone number and agents cant see customer phone number

  Is there any way we can integrate Zoom Phone with Zoho CRM while ensuring that customer phone numbers remain masked? We need a solution where agents can make outbound calls but cannot see customer phone numbers. Please let us know if there is any solution

• Record-Level Cliq Conversations Inside Zoho CRM

  It would be extremely useful to bring the Zoho Projects + Cliq conversation experience into Zoho CRM records. Today, in Zoho Projects, each project or task can have its own related chat conversation through Cliq, allowing team members to discuss that

• Introducing note actions and dynamic visibility in Kiosk Studio

  Hello all, We are introducing enhancements to Kiosk Studio that will improve the product scope and meet your custom needs more precisely. What's new? Add notes as Actions: You can add notes to CRM records as kiosk Actions, as well as insert merge fields

• Logging Calls not working

  For some reason, logging calls is not working anymore. Description of problem: On a Lead's record, in the "Open Activities" block, clicked on "Add New" Clicked on "Call", clicked on "Log a call" Nothing happens. If I click on "Schedule a call" nothings

• How do I filter contacts by account parameters?

  Need to filter a contact view according to account parameter, eg account type. Without this filter users are overwhelmed with irrelevant contacts. Workaround is to create a custom 'Contact Type' field but this unbearable duplicity as the information already

• Next Page