Why is Encrypting an HMAC JWS/JWT redundant?

[daon]

I'm following this guide #114 and have a question about this section:

• JWE payloads can be anything, e.g. a JWT or JWS token, this is called a Nested JWT.
• Encrypting an HMAC JWS/JWT is redundant, use encryption with a symmetric secret instead. Either direct or key wrap based.
• Do not use Public/Private key pair schemes when you're both the issuer and recipient, better use direct symmetric encryption in such case.

What does that mean when you're both the issuer and recipient?
That I shouldn't create a nested JWT? Or should the JWS be signed using another algorithm then HMAC?

Thanks in advance!

[panva]

What does that mean when you're both the issuer and recipient?

That means when I both produce and consume the tokens. I issue them for my own later use.

Why is Encrypting an HMAC JWS/JWT redundant?

Because you achieve all of Confidentiality, Integrity, and Authenticity with a direct or KW symmetric encryption. So, if you intend to encrypt a JWS that you both produce and consume, you may skip signing it with HMAC and simply encrypt it with your secret.