diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index fa4d5e6f..3a201436 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -419,11 +419,11 @@ def _validate_iss(self, payload: dict[str, Any], issuer: Any) -> None:
 if "iss" not in payload:
 raise MissingRequiredClaimError("iss")
- if isinstance(issuer, Sequence):
- if payload["iss"] not in issuer:
+ if isinstance(issuer, str):
+ if payload["iss"] != issuer:
 raise InvalidIssuerError("Invalid issuer")
 else:
- if payload["iss"] != issuer:
+ if payload["iss"] not in issuer:
 raise InvalidIssuerError("Invalid issuer")
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index 7cc583bd..ec68a079 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -464,6 +464,16 @@ def test_raise_exception_token_without_issuer(self, jwt):
 assert exc.value.claim == "iss"
+ def test_rasise_exception_on_partial_issuer_match(self, jwt):
+ issuer = "urn:expected"
+
+ payload = {"iss": "urn:"}
+
+ token = jwt.encode(payload, "secret")
+
+ with pytest.raises(InvalidIssuerError):
+ jwt.decode(token, "secret", issuer=issuer, algorithms=["HS256"])
+
 def test_raise_exception_token_without_audience(self, jwt):
 payload = {"some": "payload"}
 token = jwt.encode(payload, "secret")
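Review bot: The new `else` branch still passes whatever type the token carried in `iss` straight into `payload["iss"] not in issuer`, so a non-string claim value is never rejected on its own and, with a `set` of accepted issuers, an unhashable value such as a list surfaces as `TypeError` instead of `InvalidIssuerError`; since RFC 7519 defines `iss` as a StringOrURI, check the claim's type before either comparison: `iss = payload["iss"]` / `if not isinstance(iss, str):` / `raise InvalidIssuerError("Invalid issuer")`. Dispatching on `isinstance(issuer, str)` first is the right fix for the substring match (`str` is itself a `Sequence`, so `"urn:" in "urn:expected"` was true), but the `else` branch now accepts any non-string `issuer`, `bytes` included, which would likewise fail with `TypeError` on the `in` test — presumably only a list/tuple/set of issuers is intended, which is worth stating in a docstring or narrowing with `isinstance(issuer, (list, tuple, set))`. If `Sequence` is no longer referenced elsewhere in the file, its import can be dropped. `_validate_iss` begins before this hunk; only its signature is visible in the hunk header.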
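Review bot: The new test's name carries a typo, `test_rasise_exception_on_partial_issuer_match`, which breaks the `test_raise_exception_*` naming used by the neighbouring tests; rename it to `test_raise_exception_on_partial_issuer_match`. It also exercises only the string branch of the fix; the list branch that now uses `not in` deserves a companion case, e.g. `jwt.decode(token, "secret", issuer=["urn:expected"], algorithms=["HS256"])` with the same `"urn:"` payload inside `pytest.raises(InvalidIssuerError)`, plus a positive case with `payload = {"iss": "urn:expected"}` to pin that a listed issuer still decodes. A one-line docstring such as `"""A prefix of the expected issuer must not be accepted (str is a Sequence)."""` would record why this regression test exists.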