The need to secure tokens comes from a number concerns, any of which may apply to your particular use case:
- Integrity: Verify that the token has not been tampered with
- Authenticity: The origin of the token can be verified
- Non-repudiation: The authenticity and integrity of the token is verifiable by third parties
- Confidentiality: Token payload is kept secret from unauthorized parties
Understanding which security objectives we're after is the first step in selecting an appropriate JOSE algorithm.