In the official angular-auth-oidc-client documentation, the "disableIatOffsetValidation" option is described as follows:
Setting this option to true disables the check of the "iat" (issued at) claim of a received token. The check is responsible for determining whether a token is valid or has already expired. By default, this check is performed on every received token to prevent attacks in which an attacker forges an old token that was previously issued.
Disabling the check can be a serious security concern, especially when tokens are generated on external identity providers (IDPs) that cannot be trusted or are not under your control. You should only disable this check if you are sure that the token issuing process cannot be influenced by outside threats, and that no token tampering can occur.
That is, setting the "disableIatOffsetValidation" option to true disables the check of the "iat" (issued at) claim of a received token. The check is responsible for determining whether the token is valid or has already expired. By default, this check is performed on every received token to prevent an attacker from forging an old token that was issued earlier.
Disabling this check can be a serious security problem, especially when tokens are generated by external identity providers (IdPs) that are not trusted or not under your control. You should only disable this check if you are certain that the token issuing process cannot be influenced by outside threats and that no token tampering can occur.
Therefore, it is recommended not to disable iat validation unless there is a genuine need. If you do need to disable it, you can pass a parameter when creating the OidcSecurityService instance:
// OpenIdConfiguration is the library's configuration interface
// (OidcConfigService is a service class, not a config type).
const oidcConfig: OpenIdConfiguration = {
  // ... other settings
  disableIatOffsetValidation: true,
};
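To make the trade-off concrete, here is an added example (plain JavaScript, not code from angular-auth-oidc-client or from the original post) that mirrors the iat offset check the library performs and shows what is lost when it is disabled. It assumes the library accepts a token only when |now - iat| is within maxIdTokenIatOffsetAllowedInSeconds (taken here as 120 s) and skips that comparison entirely when disableIatOffsetValidation is true; the tokens are constructed, unsigned samples.

```javascript
// Added example (not angular-auth-oidc-client code): a minimal version of the
// "iat offset" check the library applies to received tokens, side by side with
// what happens when disableIatOffsetValidation is set. Assumed here: the check
// compares |now - iat| against maxIdTokenIatOffsetAllowedInSeconds (default 120).
const DEFAULT_MAX_IAT_OFFSET_SECONDS = 120;

// base64url helpers (Node's Buffer; no external libraries)
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function fromB64url(s) {
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

// Constructed, UNSIGNED token (header.payload.<empty signature>) for illustration.
// Signature verification is a separate step and is not modelled here.
function makeToken(payload) {
  return `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(payload)}.`;
}

function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  return JSON.parse(fromB64url(parts[1]));
}

// true when the token's iat lies within the allowed offset of nowSeconds.
// With disableIatOffsetValidation the check is skipped, so an old token that
// is otherwise well-formed is accepted: the replay risk the documentation warns about.
function validateIatOffset(token, config, nowSeconds) {
  if (config.disableIatOffsetValidation) return true;
  const { iat } = decodePayload(token);
  if (typeof iat !== 'number') return false; // missing or non-numeric iat fails closed
  const max = config.maxIdTokenIatOffsetAllowedInSeconds ?? DEFAULT_MAX_IAT_OFFSET_SECONDS;
  return Math.abs(nowSeconds - iat) <= max;  // abs also rejects an iat far in the future
}

const NOW = 1700000000; // fixed "current time" so the example is deterministic
const freshToken = makeToken({ sub: 'alice', iat: NOW - 30 });   // issued 30 s ago
const staleToken = makeToken({ sub: 'alice', iat: NOW - 3600 }); // issued an hour ago
const strict = { disableIatOffsetValidation: false };
const lax = { disableIatOffsetValidation: true };

console.log(validateIatOffset(freshToken, strict, NOW)); // true
console.log(validateIatOffset(staleToken, strict, NOW)); // false
console.log(validateIatOffset(staleToken, lax, NOW));    // true: stale token accepted
```

In a real deployment the iat window only complements signature, issuer, audience, nonce and exp validation; if clock skew between client and IdP is the reason the check fails, widening maxIdTokenIatOffsetAllowedInSeconds is the safer adjustment than disabling the check.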