Fix `_validate_iat` validation (#847)

* Fix `_validate_iat` validation

* Add test and update changelog

3 files changed, 9 insertions, 2 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 3c69338..12117ec 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -16,6 +16,7 @@ Fixed
 ~~~~~
 
 - Add classifier for Python 3.11 by @eseifert in `#818 <https://github.com/jpadilla/pyjwt/pull/818>`_
+- Fix ``_validate_iat`` validation by @Viicos in `#847 <https://github.com/jpadilla/pyjwt/pull/847>`_
 
 Added
 ~~~~~
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index fd8a8bf..5664949 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -265,9 +265,8 @@ class PyJWT:
         now: float,
         leeway: float,
     ) -> None:
-        iat = payload["iat"]
         try:
-            int(iat)
+            iat = int(payload["iat"])
         except ValueError:
             raise InvalidIssuedAtError("Issued At claim (iat) must be an integer.")
         if iat > (now + leeway):
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index d74973d..24ed240 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -227,6 +227,13 @@ class TestJWT:
         with pytest.raises(ImmatureSignatureError):
             jwt.decode(jwt_message, secret, algorithms=["HS256"])
 
+    def test_decode_works_if_iat_is_str_of_a_number(self, jwt, payload):
+        payload["iat"] = "1638202770"
+        secret = "secret"
+        jwt_message = jwt.encode(payload, secret)
+        data = jwt.decode(jwt_message, secret, algorithms=["HS256"])
+        assert data["iat"] == "1638202770"
+
     def test_decode_raises_exception_if_nbf_is_not_int(self, jwt):
         # >>> jwt.encode({'nbf': 'not-an-int'}, 'secret')
         example_jwt = (