Welcome to the Auth0 Community!
This flow sounds generally correct. The only thing I’m seeing is that you are sending both the Access Token and ID Token to your backend. Typically, the ID token is not meant to be consumed by the backend, and would instead be used by the client to populate the user’s profile info etc.
I would suggest taking a look at this doc, it is very similar to your set up:
Also if you have any specific questions, I’m happy to answer them.