If you’re using the auth0-spa-js, you don’t get the raw ID token in JWT (this just applies to the new auth0-spa-js SDK, not the older auth0.js), because the SDK always validates, decodes and extracts the payload for you, so you don’t have to worry about it. This was a design decision by the SDK development team, because usually the raw JWT is hardly needed, since the client is mostly directly interested in the token payload itself.
Or do you need the ID token as JWT for specific purposes?
You just get the access token in raw JWT format, but not the ID token, because the ID token is usually meant to be used on the client, so there is usually no need for the raw JWT, while the access token is meant to be passed on to the backend/API that you’d want to protect with it.