allow Numeric for iat field on OIDC tokens #4518
aduth
left a comment
Makes sense 👍
For additional consideration, here or otherwise:
- Should we update error texts to remove reference to "must be an integer", since it can now be a non-integer numeric?
- Irrespective if this is causing issues for partners that didn't occur previously, should we want to only allow integer timestamps?
- Test coverage for whatever we decide
Yep, updated in 202b887
I don't have a lot of concern about floats in this case since we're not doing any math on them beyond truncating to integer and doing a comparison. I think it'd be fine to restrict to integers if we gave some advance warning.
This was more difficult than anticipated since our JWT encoding library used in the tests doesn't allow floats to be encoded, though it will be supported in the next release: jwt/ruby-jwt#327
A partner reported having issues with the `iat` field from, I suspect, the changes in #4504. `ruby-jwt` allows Numeric instead of integer (https://github.com/jwt/ruby-jwt/blob/master/lib/jwt/verify.rb#L48), so my hunch is that we're receiving a Float.
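The check this thread discusses (accept any Numeric `iat`, truncate to an integer, then compare), as an added Ruby example that is not the project's code. The name `validate_iat`, the skew and age limits, the comparison against the current time, and the sample payloads are assumptions constructed for illustration.

```ruby
require 'json'

# Hypothetical limits, not taken from the project.
MAX_SKEW_SECONDS = 60   # how far ahead of our clock an iat may be
MAX_AGE_SECONDS  = 300  # how old an iat may be

# Returns [true, truncated_iat] or [false, reason].
def validate_iat(claims, now: Time.now.to_i)
  iat = claims['iat']
  return [false, :missing] if iat.nil?

  # JSON strings ("1600000000") and booleans are not Numeric and are
  # rejected rather than coerced.
  return [false, :not_numeric] unless iat.is_a?(Numeric)

  # Float::NAN and Float::INFINITY are Numeric, but #to_i on them raises
  # FloatDomainError, so reject them before truncating.
  return [false, :not_finite] unless iat.finite?

  issued_at = iat.to_i # truncates toward zero: 1600000000.987 -> 1600000000

  return [false, :in_future] if issued_at > now + MAX_SKEW_SECONDS
  return [false, :too_old]   if issued_at < now - MAX_AGE_SECONDS

  [true, issued_at]
end

if __FILE__ == $PROGRAM_NAME
  now = 1_600_000_100 # fixed clock so the output is reproducible
  # Constructed sample payloads, as they would look after JWT decoding.
  samples = [
    '{"iat": 1600000000}',      # integer timestamp
    '{"iat": 1600000000.987}',  # float timestamp, the case in this thread
    '{"iat": "1600000000"}',    # string, rejected
    '{"sub": "abc"}'            # iat absent
  ]
  samples.each do |raw|
    puts "#{raw} => #{validate_iat(JSON.parse(raw), now: now).inspect}"
  end
end
```

Because the comparison runs on the truncated value, a float up to just under one second past the skew limit is still accepted.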