I get this
there is no mechanism that ties the ID token to the client-API channel
But is there any such mechanism in the Access Token that allows me to use it to when sending requests from my frontend (React Web App) to my backend? Or should Access Tokens only be used between backends? If so, how will my backend ever know that I successfully sign in with (e.g.) Auth0/Google/Github or other IdP?