JWT (RFC7519) is just a compact way to safely transmit claims from an issuer to the audience over HTTP.
JWT can be:
- signed (JWS – RFC7515)
- encrypted (JWE – RFC7516)
- signed then encrypted (this order is highly recommended). The whole JWS is the payload of the JWE
- encrypted then signed.
It makes sense to encrypt a JWS if you want to keep sensitive information hidden from the bearer (client) or third parties.
The real questions are: does the audience support JWE? If yes, which algorithms are supported?