When using OIDC with MLE, after getting the id_token from the nested JWT and decrypting, the resulting id_token is missing the issued at (iat) claim.
According to the OIDC specifications this is a required claim, (see: Final: OpenID Connect Core 1.0 incorporating errata set 1) and the current implementation I’m using for validation fails due to its absence.
Is the missing iat claim something expected, and should I go with an implementation which slightly deviates from the specs, or is this a temporary issue/bug, or am I missing some configuration changes?