Programmatically authenticating SharePoint on-premises with OIDC protocol

I am trying to authenticate users from an external Idp to SharePoint Subscription Edition using OIDC protocol. 

I have set up the SharePoint farm as per the article:

Set up OIDC authentication in SharePoint Server with Microsoft Entra ID - SharePoint Server | Microsoft Learn

I have obtained the token from the Idp in exchange of the code. The token has multiple parts: access_token, token_type, expires_in and id_token (which is a signed jwt that contains basic attributes about the user and it is signed using the RS256 algorithm).

After obtaining the token, how do I authenticate to SharePoint?

I tried sending a request to a protected resource with Authentication header. Do I use access_token or the id_token in the bearer token? I have tried both and gets 401 Unauthorized.

Any idea how to authenticate?