Hope others find this comment helpful.
After some try and error, our team found that when authorizing with openid in the scope, getTokenSilently() will return a JWT.
Although that’s what we wanted, this behaviour does not match past discussions here, neither is this clearly documented.
I have submitted a feedback ticket.