is there a way in hydra to prevent the [ period ....
# talk-hydraf
flaky-book-52582
10/12/2023, 4:13 PMis there a way in hydra to prevent the [ period . ] character in the authorization code ?
m
magnificent-energy-493
10/13/2023, 11:47 AM
Hm I dont know of an easy way to do this.
What do you mean by
arent conducive to using periods in the code in a visible url?
f
flaky-book-52582
10/13/2023, 2:14 PMthe auth code is visible in the client browser after the redirect . The security teams of some companies aren't happy with the period character in the the URL. It was a show stopper for some of them. I can only guess that may be because it may make it difficult to detect attacks coz a period would mess up their regular expressions.
flaky-book-52582
10/13/2023, 2:18 PMso in the config of hydra if there was an option to specify the character set allowed in the returned authorization_code, that would resolve this issue, else we would have an adapter in front of hydra to customize before pushing to hydra.
flaky-book-52582
11/01/2023, 3:26 PMwe really need to switch the CodeGenerationStrategy to one that does not include period. How do I bring forward this request ?
m
magnificent-energy-493
11/01/2023, 5:22 PM
Hey @flaky-book-52582
We can probably solve the problem very quickly and efficiently if you become an Ory Network customer.
You can also create a feature request or design document in GitHub, but that might take longer.
It depends on your timeline and budget; I would suggest to reach out to sales@ory.sh.
3 Views