The ID token is guaranteed to be a JWT token that contains the user identifier as part of the sub claim. Given you can validate the ID token to ensure it comes from a trusted party you can then use the information contained within it to know for which user to perform the call.