Should jwt web token be encrypted?

Question

I was reading article on JWT web token as an access token that is being response to the user. Some of it mention that the web token should be able to be decoded by the user.

Answer 1

A token contains user data and acts like a temp storage. It is not good to store sensitive data in a token.

At the first level, you should store the user name and maybe role or something like that. You should not include passwords, so it does not need to be encrypted. Nevertheless, you can encrypt it if you want.