We're using the VerifyJWT policy to unpack a JWT request token. use of
"iat" in a request token is optional for our use case, but if it is
present we want to verify that it has the correct format.If I make iat a
NumericString date as per rfc7519 (e.g...