Istio End User Authentication

We plan to use istio for end user authentication and find out the isser field is required when creating a policy with end user authentication. Since we are using our own token provider, we would like to know how istio use this issuer field to verify the token? Does the payload have to come with an ‘iss’ field that match the isser defined in the policy?
And besides please let me know if there are more required or recommended fields to generate the tokens ?

Yes that is correct. Token should have iss field populated