Provide all possible means for validating
The application that receives the token must verify that the audience value is correct and reject any tokens intended for a different audience.
Example SAML Value: Indicates how the subject was authenticated, as opposed to the client in the Application Authentication Context Class Reference claim.
Example JWT Value: Provides object IDs that represent the subject's group memberships.
Because bearer tokens do not have a built-in mechanism to prevent unauthorized parties from using them, they must be transported in a secure channel such as transport layer security (HTTPS).
If a bearer token is transmitted in the clear, a man-in-the-middle attack can be used to acquire the token and gain unauthorized access to a protected resource.
You can use the claims in an id_token as you see fit - commonly they are used for displaying account information or making access control decisions in an app.
Id_tokens are signed, but not encrypted at this time.
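The audience check and signature check described above, as an added example that is not part of the original page: the receiver verifies the signature first, then rejects any token whose `aud` claim does not name it exactly. It assumes HS256 with a shared demo key so that it runs on the standard library alone (the page does not state the signing algorithm), and the key, audience URIs and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 sample token (demo input, not a real token)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{b64url_encode(sign(signing_input, key))}"

def validate(token: str, key: bytes, expected_aud: str) -> dict:
    """Return the claims only if signature and audience both check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token pick it (rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, sign(f"{header_b64}.{body_b64}", key)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    # aud may be one string or a list of strings (RFC 7519, section 4.1.3).
    aud = claims.get("aud") if isinstance(claims, dict) else None
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    # Exact membership test: a prefix or substring match is not enough.
    if expected_aud not in audiences:
        raise ValueError("token issued for a different audience")
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    token = make_token({"sub": "user-1", "aud": "api://orders"}, key)
    print(validate(token, key, "api://orders"))
    try:
        validate(token, key, "api://billing")
    except ValueError as err:
        print("rejected:", err)
```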