From 210b7b23369d2a9946d7dbfd7945a7d0776f9ccb Mon Sep 17 00:00:00 2001
From: Abby Carey <abigailc@microsoft.com>
Date: Fri, 19 Jul 2019 09:54:59 -0700
Subject: [PATCH] Adding issuer (#2266)

* Adding issuer
* Update make_iap_request.py
---
 iap/make_iap_request.py | 2 +-
 iap/validate_jwt.py     | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/iap/make_iap_request.py b/iap/make_iap_request.py
index 4e93b9391d16..d44e827ab2c3 100644
--- a/iap/make_iap_request.py
+++ b/iap/make_iap_request.py
@@ -48,7 +48,7 @@ def make_iap_request(url, client_id, method='GET', **kwargs):
     # Set the default timeout, if missing
     if 'timeout' not in kwargs:
         kwargs['timeout'] = 90
-        
+
     # Figure out what environment we're running in and get some preliminary
     # information about the service account.
     bootstrap_credentials, _ = google.auth.default(
diff --git a/iap/validate_jwt.py b/iap/validate_jwt.py
index 8a69e368874c..a672e1d94ae4 100644
--- a/iap/validate_jwt.py
+++ b/iap/validate_jwt.py
@@ -77,6 +77,7 @@ def _validate_iap_jwt(iap_jwt, expected_audience):
         decoded_jwt = jwt.decode(
             iap_jwt, key,
             algorithms=['ES256'],
+            issuer='https://cloud.google.com/iap',
             audience=expected_audience)
         return (decoded_jwt['sub'], decoded_jwt['email'], '')
     except (jwt.exceptions.InvalidTokenError,