Introduction to OAuth and OpenID Connect
Fleeting- External reference:
20210826-Introduction-to-OAuth-and-Opocl OAuth 2.1, OpenID Connect
relying party does not need to check the Identity Token
Because it got it from the back channel in a trusted way.
You need to validate it in case you stored it and get it back (to check it remains the same) or when being given one from a third party.
Identity Token is implementation dependant
You might want to end up using the userinfo endpoint instead.