NGINX JWT authentication validating specific JWT Claims (iss, aud etc)

Question

Want NGINX to authenticate incoming requests based on an OAuth2 token INCLUDING validating specific token claims e.g. "aud" audience claim, "iss" issuer