It looks like I have fixed that issue by accident today. I noticed, that the access_token I received was an opaque token and only the id_token was a JWT. Then I cam across this FAQ page: Why is my access token not a JWT? (Opaque Token)
After calling the endpoint with the audience parameter, both tokens were returned as JWT’s and the access_token includes all the information I would expect.
Best,
Christian