Is there a way to pass-in a function to generate the 'state' parameter of the authorization URL?

[mihalios]

The team of the authorization server I'm using recently decided to block a set of characters in the authorize URL to prevent XSS attacks. One of these characters is equals sign '='.

During authorization the 'state' parameter is constructed by:

1. Generating today's datetime: https://github.com/swagger-api/swagger-ui/blob/master/src/core/oauth2-authorize.js#L61
2. Encoding it in base64: https://github.com/swagger-api/swagger-ui/blob/master/src/core/utils.js#L594

This results in two padding characters being added to the encoded string and as you can imagine this is not accepted by the Authorization Server.

I'm still trying to find out more information as to why '=' is part of the blocked characters but until then I'd like to know if I have the option of setting the state differently.

Thanks!