Should I send the ID token from my SPA to my REST backend?

I have a SPA app which is backed by a REST API server.

I use Auth0 for authentication and authorization using the implicit grant flow.
All the examples I read explain that I should send the access token which I receive to the API for authorization purposes. For example:

On the other hand, I read that an access token cannot be used as proof of authentication:
Thread Safe: The problem with OAuth for Authentication. End User Authentication with OAuth 2.0 — OAuth

That means I cannot trust the sub claim on my access token to be sure that this is indeed the user and not another client that sends its access token. Meaning, if I would use Facebook as the IDP, another web app could send an access token issued for its use by the user to my server, and because access tokens don’t have an aud claim, my server would think that the user is authenticated in my web app. Moreover, I see that Google Sign-In indeed guides the SPA to send an ID token to the server: Authenticate with a backend server | Authentication | Google Developers

So: should I send both the ID token (for authentication) and the access token (for authorization) to my server?
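
The concern raised above comes down to whether the backend confirms that a token was issued for it and not for some other client of the same IdP. The following is an added example, not code from the original post or from Auth0: a backend check that rejects a validly signed token whose `aud` names a different client. The HS256 shared key, issuer, audience values and helper names are constructed assumptions; production IdPs commonly sign with an asymmetric key such as RS256.

```python
import base64, hashlib, hmac, json, time

IDP_KEY = b"constructed-idp-signing-key"  # constructed values, not from the post
ISSUER = "https://idp.example/"
MY_API = "https://api.example/"   # the audience this backend accepts
OTHER_CLIENT = "other-web-app"    # a different client of the same IdP

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()

def mint(claims):
    """Stand-in for the IdP: issue an HS256-signed JWT."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def verify(token, audience, now=None):
    """Return the claims only if signature, issuer, expiry and audience pass."""
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_unb64(head)), json.loads(_unb64(body)), _unb64(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(head + "." + body), given):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    aud = claims.get("aud")  # may be a single string or a list of audiences
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims

if __name__ == "__main__":
    for aud in (MY_API, OTHER_CLIENT):  # same user, same IdP, different audience
        tok = mint({"iss": ISSUER, "sub": "user-1", "aud": aud, "exp": time.time() + 60})
        try:
            print(aud, "->", verify(tok, MY_API)["sub"])
        except ValueError as err:
            print(aud, "-> rejected:", err)
```

Both tokens carry the same `sub` and a valid signature from the same issuer; only the audience comparison separates the one meant for this backend from the one issued to another client.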
