[bornfreddy]

How else could frontend read them? If you don't need this then regular cookies are better.

[lmc]

It's the other way round - the front-end shouldn't need to read JWTs, just pass them on.

[mosdave]

if your frontend is interrogating the jwt you're doing it wrong

[nijave]

Isn't it pretty common to read the expiration so you know when to refresh tokens?

[bornfreddy]

It is, among other things like username or user e-mail address.

This is also, together with backend scalability, a major selling point for JWTs. Otherwise one might just as well use regular session ids in cookies.