Yes, you need to pass ID token. bad request in the sense, it seems you are missing the parameter to be sent to the server. can you check all the required? I mean the headers, body etc.,
and make sure that is a post request. Make sure the tenant name is also correct
Can you confirm, the ID token is generated in the last 30 minutes or before?