diff --git a/aiohttp_security/api.py b/aiohttp_security/api.py
index 90d07d4..a8a024c 100644
--- a/aiohttp_security/api.py
+++ b/aiohttp_security/api.py
@@ -59,6 +59,7 @@ def authorized_userid(request):
 
 @asyncio.coroutine
 def permits(request, permission, context=None):
+    assert isinstance(permission, str), permission
     identity_policy = request.app.get(IDENTITY_KEY)
     autz_policy = request.app.get(AUTZ_KEY)
     if identity_policy is None or autz_policy is None: