Well sort of, there are two types of JWT, JWS (signed tokens) and JWE (encrypted tokens). Since the twitch API assumes that “a server can securely store a token” I would probably not want to have it in a form that the user can decode/decrypt, even though I technically wouldn’t be storing it on the server in that case.