From 7e44629bbae9cb503d197cf39ef3adcad19bd1af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oriol=20L=C3=B3pez-Doriga?= <orildsaga@gmail.com>
Date: Wed, 27 Mar 2024 17:05:33 +0100
Subject: [PATCH] verifying visa issuer

---
 permissions/auth.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/permissions/auth.py b/permissions/auth.py
index 129ee652..ec36b746 100644
--- a/permissions/auth.py
+++ b/permissions/auth.py
@@ -81,6 +81,12 @@ async def get_user_info(access_token):
                         for visa_dataset in visa_datasets:
                             try:
                                 visa = jwt.decode(visa_dataset, options={"verify_signature": False}, algorithms=["RS256"])
+                                if visa['iss']==conf.lsaai_issuer:
+                                    pass
+                                elif visa['iss']==conf.idp_issuer:
+                                    pass
+                                else:
+                                    raise web.HTTPUnauthorized('invalid token')
                                 dataset_url = visa["ga4gh_visa_v1"]["value"]
                                 dataset_url_splitted = dataset_url.split('/')
                                 visa_dataset = dataset_url_splitted[-1]