I tried to decode the encrypted token in jwt.io; it says invalid signature and shows garbled output. There is no error while generating the token. I am also trying Joken to generate the JWT token.
In your initial post you talk only about encryption. In your second post, you say the signature is invalid. What operations are you applying?
One usual secure scheme is to sign then encrypt the payload, which must contain the issuer and the audience of the token. Are you implementing a standard or are you rolling out your own crypto?
Also, encryption is exclusively done with symmetric encryption. Asymmetric keys can be used to generate such symmetric keys (ECDH-ES alg for instance). This is why in JWEs you have both the "alg" and "enc" fields. Which algorithms do you use exactly?
Is this approach for sending transparent parameters instead of an encrypted token by URL? In case I want an opaque token by URL, could I use only the encryption part without signing? Any contra-indication?
Definitely not a good idea unless you know all the details of the crypto you are using. One of the neat examples given is that, in some cases (depends on the encryption algorithm chosen, IV, etc.) an attacker could change the ID in your encrypted token.
Feel free to tell more about what you’re trying to achieve. But the rule of thumb is: stick to the standard, that is sign-then-encrypt.
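An added example, not part of the thread and not Joken or JOSE code: it shows why encryption without a signature lets a changed ID go unnoticed, and how the inner signature of sign-then-encrypt rejects the same modification. The keys, the claims and the toy HMAC-based keystream (standing in for an unauthenticated stream or CTR-style cipher) are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumptions, not values from the thread).
ENC_KEY = b"demo-encryption-key"
SIG_KEY = b"demo-signing-key"

def keystream(length):
    # Toy counter-mode keystream from HMAC-SHA256 with an implicit fixed nonce
    # (single-message demo). Stands in for any unauthenticated stream cipher.
    blocks = (hmac.new(ENC_KEY, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def xor_crypt(data):
    # Encryption and decryption are the same XOR with the keystream.
    return bytes(a ^ b for a, b in zip(data, keystream(len(data))))

def sign_then_encrypt(claims):
    body = json.dumps(claims).encode()
    tag = hmac.new(SIG_KEY, body, hashlib.sha256).digest()  # 32-byte signature
    return xor_crypt(tag + body)

def decrypt_and_verify(token):
    plain = xor_crypt(token)
    tag, body = plain[:32], plain[32:]
    if not hmac.compare_digest(tag, hmac.new(SIG_KEY, body, hashlib.sha256).digest()):
        raise ValueError("signature check failed: token was modified")
    return json.loads(body)

def flip(token, offset, old, new):
    # Models modification in transit: one ciphertext byte changed, no key used.
    changed = bytearray(token)
    changed[offset] ^= old ^ new
    return bytes(changed)

def demo():
    claims = {"id": 7, "iss": "issuer.example", "aud": "app.example"}
    body = json.dumps(claims).encode()
    offset = body.index(b"7")
    # Encryption only: the modified token still decrypts to valid JSON.
    tampered = flip(xor_crypt(body), offset, ord("7"), ord("1"))
    silent_id = json.loads(xor_crypt(tampered))["id"]
    try:  # Sign-then-encrypt: the same modification breaks the inner signature.
        decrypt_and_verify(flip(sign_then_encrypt(claims), 32 + offset, ord("7"), ord("1")))
    except ValueError:
        return silent_id, True
    return silent_id, False
```

`demo()` returns the ID the encryption-only receiver ends up trusting and whether the sign-then-encrypt receiver detected the change.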