diff --git a/integrationTests/basic/jwt_auth.test.js b/integrationTests/basic/jwt_auth.test.js
index df2703b..3c24e5a 100644
--- a/integrationTests/basic/jwt_auth.test.js
+++ b/integrationTests/basic/jwt_auth.test.js
@@ -44,7 +44,7 @@ function mockGithubOIDCResponse(aud= "https://github.com/hashicorp/vault-action"
         ref_type: "branch",
         job_workflow_ref: "hashicorp/vault-action/.github/workflows/workflow.yml@refs/heads/main",
         iss: 'vault-action',
-        iat: now,
+        iat: now - 60,
         nbf: now,
         exp: now + 3600,
     };
diff --git a/src/auth.js b/src/auth.js
index 47dbfcc..6120c7f 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -88,8 +88,8 @@ function generateJwt(privateKey, keyPassword, ttl, iat) {
     const now = rsasign.KJUR.jws.IntDate.getNow();
     const payload = {
         iss: 'vault-action',
-        iat: now,
-        nbf: now - iat,
+        iat: now - iat,
+        nbf: now,
         exp: now + ttl,
         event: process.env.GITHUB_EVENT_NAME,
         workflow: process.env.GITHUB_WORKFLOW,