The trusted context assertion is signed and encrypted by STS. It provides access to sts:identity_context claim in the idToken without JWT parsing
sts:identity_context
idToken