The ID Token in the first example of CIBA 10.3. Push Callback / 10.3.1. Successful Token Delivery is missing the _hash and auth_req_id claims that the text a few paragraphs below says must be there. It also has nonce, which shouldn't be there. And it should probably match up with the decoded claims in the example below. Also the refresh_token and access_token values really should be longer (and then the _hash values redone) and if changes are being made in this area then may as well do that too.
The ID Token in the first example of CIBA 10.1.1. Successful Token Response has nonce, which shouldn't be there.