diff --git a/resources/tokenisation/minter/token_gen.lua b/resources/tokenisation/minter/token_gen.lua
--- a/resources/tokenisation/minter/token_gen.lua
+++ b/resources/tokenisation/minter/token_gen.lua
#
-- VID-11 Token Generator
#
-- Generate a sha256_hmac based token to allow user to authenticate
#
+-- - is referer in permitted_referrers?
#
+-- - if httpref is not null, is the domain the same as in referrer?
#
+-- - Is ip not in blacklisted_ips?
#
+-- If the above passes, or the ip is in excluded_ips, then we should mint the token
#
+-- otherwise, call sendFailed()
#
local require = require
#
@@ -158,17 +168,6 @@ local httpref = 'https://snippets.bentasker.co.uk/foobar'
#
--- TODO: Authentication checks
#
--- At this point we should check
#
--- - is referer in permitted_referrers?
#
--- - if httpref is not null, is the domain the same as in referrer?
#
--- - Is ip not in blacklisted_ips?
#
--- If the above passes, or the ip is in excluded_ips, then we should mint the token
#
--- otherwise, call sendFailed()
#
if table.contains(blacklisted_ips,ip)
#
sendFailed("Users IP is blacklisted")