response_require_iss - how to use?

[areqq]

In changeling of release 2.4.16.1:

• replace multi-provider .conf issuer_specific_redirect_uri boolean with response_require_iss boolean
  to require the Provider to pass the iss value in authorization responses, mitigating the OP mixup attack

Can you explain what's going on and how to use response_require_iss ?

[zandbelt]

see https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-11.html#section-7.13