Can you provide the details of what you’re doing with the ID token in the backend exactly? Is it used for authorization? Or to get user information in the backend?
Just to confirm: are you passing both the ID and access token to the backend?
(The auth0.js SDK provides a way to get the raw ID token as opposed to the auth0-spa-js at the moment, but this might change if there are enough valid use cases that show that providing the raw ID token might make sense, then the SDK might be changed in this regard. Therefore, your input on the details of the use case is valuable for us.)