diff --git a/pom.xml b/pom.xml
index e4f636e..fb48ccf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -71,7 +71,7 @@
2.2
- 10.1.26
+ 10.1.28
1.5.6
2.17.2
2.9.0
diff --git a/src/main/java/com/github/switcherapi/ac/service/facades/GitHubFacade.java b/src/main/java/com/github/switcherapi/ac/service/facades/GitHubFacade.java
index 00ed42c..ab553d5 100644
--- a/src/main/java/com/github/switcherapi/ac/service/facades/GitHubFacade.java
+++ b/src/main/java/com/github/switcherapi/ac/service/facades/GitHubFacade.java
@@ -1,6 +1,7 @@
package com.github.switcherapi.ac.service.facades;
import com.github.switcherapi.ac.model.GitHubDetail;
+import com.github.switcherapi.ac.util.Sanitizer;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.client.WebTarget;
@@ -11,8 +12,11 @@
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
+import java.util.List;
import java.util.Map;
+import static com.github.switcherapi.ac.util.Sanitizer.*;
+
@Component
@Slf4j
public class GitHubFacade {
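Review bot: The wildcard static import `import static com.github.switcherapi.ac.util.Sanitizer.*;` hides where `sanitize`, `trim` and `alphaNumeric` come from, and a bare `trim()` in particular reads like a local helper. Naming the members explicitly, starting with `import static com.github.switcherapi.ac.util.Sanitizer.sanitize;`, keeps the input-handling call in getToken easy to trace during review. The plain `import com.github.switcherapi.ac.util.Sanitizer;` added in the first hunk looks unused in the lines shown; the class body continues outside these hunks, so confirm before dropping it.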
@@ -46,8 +50,10 @@ public GitHubFacade(
}
public String getToken(String code) {
+ var codeSanitized = sanitize(code, List.of(trim(), alphaNumeric()));
+
final WebTarget myResource = client.target(
- String.format(gitUrlAccess, clientId, oauthSecret, code));
+ String.format(gitUrlAccess, clientId, oauthSecret, codeSanitized));
try (var response = myResource
.request(MediaType.APPLICATION_JSON)
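Review bot: In getToken the stripped value is still sent upstream when sanitising changed it or left it empty, so a null, blank or tampered `code` becomes a different (or empty) code instead of being rejected. The request is built from `clientId` and `oauthSecret` as well, so a request that cannot succeed still appears to carry the client secret to the remote endpoint. Consider a guard directly after the `sanitize` call, `if (codeSanitized.isEmpty() || !codeSanitized.equals(code == null ? null : code.trim())) {`, that logs and takes the method's existing failure path. That path lies outside this hunk, so the exact return value or exception is for the author to match.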
@@ -56,8 +62,9 @@ public String getToken(String code) {
if (response.getStatus() == 200) {
final var responseEntity = response.readEntity(Map.class);
- if (responseEntity.containsKey(ACCESS_TOKEN))
+ if (responseEntity.containsKey(ACCESS_TOKEN)) {
return responseEntity.get(ACCESS_TOKEN).toString();
+ }
}
log.error("Failed to get token from GitHub");
diff --git a/src/main/java/com/github/switcherapi/ac/util/Sanitizer.java b/src/main/java/com/github/switcherapi/ac/util/Sanitizer.java
new file mode 100644
index 0000000..dbca6a4
--- /dev/null
+++ b/src/main/java/com/github/switcherapi/ac/util/Sanitizer.java
@@ -0,0 +1,33 @@
+package com.github.switcherapi.ac.util;
+
+import lombok.experimental.UtilityClass;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.List;
+import java.util.Objects;
+import java.util.function.UnaryOperator;
+
+@UtilityClass
+public class Sanitizer {
+
+ public static String sanitize(String value, List> sanitizers) {
+ if (Objects.isNull(value)) {
+ return StringUtils.EMPTY;
+ }
+
+ var sanitized = value;
+ for (UnaryOperator sanitizer : sanitizers) {
+ sanitized = sanitizer.apply(sanitized);
+ }
+
+ return sanitized;
+ }
+
+ public static UnaryOperator trim() {
+ return String::trim;
+ }
+
+ public static UnaryOperator alphaNumeric() {
+ return value -> value.replaceAll("[^a-zA-Z0-9]", StringUtils.EMPTY);
+ }
+}
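Review bot: `alphaNumeric()` recompiles its regex on every invocation through `String.replaceAll`, and nothing in the class documents that it is ASCII-only and that it drops characters rather than rejecting the input. Hoisting the pattern, `private static final Pattern NON_ALPHANUMERIC = Pattern.compile("[^a-zA-Z0-9]");` with `return value -> NON_ALPHANUMERIC.matcher(value).replaceAll(StringUtils.EMPTY);`, avoids the repeated compile. A short Javadoc on `sanitize` should state that a null value yields an empty string, that sanitizers run in list order, and that the result can differ from the input, so callers that need validation must compare the two themselves. `sanitize` also dereferences `sanitizers` without a null check, which is worth either guarding with `Objects.requireNonNull(sanitizers, "sanitizers")` or documenting as a precondition.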
diff --git a/src/test/java/com/github/switcherapi/ac/util/SanitizerTest.java b/src/test/java/com/github/switcherapi/ac/util/SanitizerTest.java
new file mode 100644
index 0000000..6ac36ef
--- /dev/null
+++ b/src/test/java/com/github/switcherapi/ac/util/SanitizerTest.java
@@ -0,0 +1,54 @@
+package com.github.switcherapi.ac.util;
+
+import org.apache.commons.lang3.StringUtils;
+import org.junit.jupiter.api.Test;
+
+import java.util.List;
+
+import static com.github.switcherapi.ac.util.Sanitizer.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class SanitizerTest {
+
+ @Test
+ void shouldSanitizeStringTrim() {
+ // Given
+ var value = " test ";
+
+ // When
+ var sanitized = sanitize(value, List.of(trim()));
+
+ // Then
+ assertEquals("test", sanitized);
+ }
+
+ @Test
+ void shouldSanitizeStringAlphaNumeric() {
+ // Given
+ var value = "test@123";
+
+ // When
+ var sanitized = sanitize(value, List.of(alphaNumeric()));
+
+ // Then
+ assertEquals("test123", sanitized);
+ }
+
+ @Test
+ void shouldSanitizeStringTrimAndAlphaNumeric() {
+ // Given
+ var value = " test@123 ";
+
+ // When
+ var sanitized = sanitize(value, List.of(trim(), alphaNumeric()));
+
+ // Then
+ assertEquals("test123", sanitized);
+ }
+
+ @Test
+ void shouldSanitizeNull() {
+ var sanitized = sanitize(null, List.of(trim(), alphaNumeric()));
+ assertEquals(StringUtils.EMPTY, sanitized);
+ }
+}
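Review bot: The tests cover only a single `@` and surrounding spaces, so the property getToken relies on, that URL metacharacters and line breaks never survive `alphaNumeric()`, is not pinned by any case. Adding an assertion such as `assertEquals("abcclientid1", sanitize("abc&client_id=1", List.of(alphaNumeric())));` plus one input containing `%`, `\r\n` and inner spaces would lock that behaviour in. It would also help to cover an input made up entirely of disallowed characters (expected result is the empty string) and an empty sanitizer list (expected result is the input unchanged), since both are reachable from callers.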