by Benjamin Maerkle.
I had a similar problem where id_token was missing. My issue was that the client_id was not configured correctly on my tool's database, which caused the JWT to not decrypt properly. So, double-check the client_id on your tool's database. Also, it may help to remove and remake the tool configuration from Moodle, and then double-check the client_id again (since it would have changed when you remade the tool).