Get Access Token - External Identity Provider - Claims and type supported

Hello API Platform Team,

I am trying to use the client assertions - signed jwt authentication.
I followed the instructions, but I would like to use an external identity provider to generate the tokens instead of doing it on the application itself.
And I noticed that this identity provider makes use of the ‘iss’ claim in tokens issued.

Is it mandatory that the claim ‘iss’ should contain the API Key?
Note: I tried with one of the c# examples and I got an error when replacing the ‘iss’ with something else (“my-identity-provider”), and I would like to know if there is any workaround for this situation.

{
  "iss": "my-identity-provider",
  "sub": "my-apikey",
  "jti": "2e373277-2ff5-416f-a6cc-33baefb181e7",
  "nbf": 1753765391,
  "exp": 1753765451,
  "aud": "https://sandbox.api.service.nhs.uk/oauth2/token"
}

Within the token’s header, is JWT the only value permitted for the ‘typ’ field, or is AT+JWT also an accepted type?

{
  "alg": "RS256",
  "kid": "E92307B3F70909F40A7533981A34B05A66D21DA1",
  "x5t": "6SMHs_cJCfQKdTOYGjSwWmbSHaE",
  "typ": "at+jwt"
}

Thanks you.

@alejandromamani There is no work around for this you have to pass iss as API key as it will be the issuer of JWT and we do not support 3rd party identity providers. At the moment only Jwt is allowed as typ.