OIDC configuration with JWK

So you have Google as your IDP, but you are generating the token yourself with your own private key. The way OIDC works is that Tyk will call the IDP discovery URL (so the Google accounts service) to verify the token with the kid against their JWK document. That means you need to generate the token using Google’s auth service (e.g. Google+).

Also, in OIDC the aud claim is the client ID of the application doing the requesting, so it would be an OAuth client ID or similar.

In your API definition, for some reason you have put a public key and random URLs as the client IDs?

I think there’s a misunderstanding on how OIDC works. Here’s some reading:
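The validation flow described in this reply, as an added sketch (not part of the original post and not Tyk's own code): the token's `kid` is looked up in the IdP's JWK document, the RS256 signature is checked against that key, and `aud` must be a configured client ID. The toy RSA keys built from well-known primes, the issuer, the client ID and all function names are constructed for the demo; expiry checks are left out.

```python
import base64, hashlib, hmac, json
SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 DigestInfo

def b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def size(n): return (n.bit_length() + 7) // 8   # modulus length in bytes

def pkcs1_em(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = SHA256_DI + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate(token, jwks, issuer, client_ids):
    """Run the checks in the order described above; returns (accepted, reason)."""
    h, p, s = token.split(".")
    header, claims = json.loads(b64d(h)), json.loads(b64d(p))
    if header.get("alg") != "RS256":
        return False, "unsupported alg"
    jwk = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if jwk is None:
        return False, "kid not in IdP JWKS"
    n, e = (int.from_bytes(b64d(jwk[f]), "big") for f in ("n", "e"))
    sig, k = b64d(s), size(n)
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if len(sig) != k or not hmac.compare_digest(em, pkcs1_em(f"{h}.{p}".encode(), k)):
        return False, "bad signature"
    if claims.get("iss") != issuer:
        return False, "wrong iss"
    aud = claims.get("aud")
    if not set(aud if isinstance(aud, list) else [aud]) & set(client_ids):
        return False, "aud is not a configured client ID"
    return True, "ok"

# --- constructed demo material: toy RSA keys, never use outside a demo ---
def toy_key(kid, p, q, e=65537):
    return {"kid": kid, "n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def jwk_of(key):
    n = key["n"]
    return {"kty": "RSA", "kid": key["kid"], "n": b64e(n.to_bytes(size(n), "big")),
            "e": b64e(key["e"].to_bytes(3, "big"))}

def mint(key, claims):
    head = b64e(json.dumps({"alg": "RS256", "kid": key["kid"]}).encode())
    body = b64e(json.dumps(claims).encode())
    m = int.from_bytes(pkcs1_em(f"{head}.{body}".encode(), size(key["n"])), "big")
    return f"{head}.{body}." + b64e(pow(m, key["d"], key["n"]).to_bytes(size(key["n"]), "big"))

IDP_KEY = toy_key("idp-key-1", 2**255 - 19, 2**521 - 1)   # stands in for the IdP's signing key
OWN_KEY = toy_key("my-own-key", 2**521 - 1, 2**607 - 1)   # the self-generated private key
JWKS, ISSUER, CLIENT_IDS = {"keys": [jwk_of(IDP_KEY)]}, "https://idp.example", ["client-123.example"]
```

A token minted with `OWN_KEY` fails at the `kid` lookup, and relabelling it with the IdP's `kid` only moves the failure to the signature check.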