Don't disagree with your assessment of Auth0. My nit would be the RFC for JWT says quite plainly that there's nothing wrong with storing sensitive data in a JWT so long as it is safeguarded.
That said I don't see much advantage to using a JWT to store anything beyond claims & id.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Don't disagree with your assessment of Auth0. My nit would be the RFC for JWT says quite plainly that there's nothing wrong with storing sensitive data in a JWT so long as it is safeguarded.
That said I don't see much advantage to using a JWT to store anything beyond claims & id.