Id_token expiration check

Hi there @taschmidt, welcome to the Auth0 Community!

This is a great question - I was able to do a little research on this but the specific behavior is still a bit confusing to me as well. It looks like in some SDKs we do check the exp of the ID token whereas in some we don’t. It seems to be a lack of parity on our end, but there’s also a general sentiment that we shouldn’t care about the expiration anyways. Basically, once the client receives the ID token (generally immediately after the user authenticates), validates the token, and gets/saves the user’s information, the token is no longer useful.

There’s some internal discussion on parity, but this is about all I have for now. I’m not entirely sure this answers your question, but hopefully the information is somewhat useful!
