Identifies the party that issued the token, usually the name or URL of the auth server. On verification, check it matches the expected issuer.