Attaching the token to a request
So now we've created our token. We now need to pass it to the user so they can send it back on future requests to authenticate themselves on protected routes.
The canonical way of passing a JSON web token is to add it as an HTTP header, which is basically meta data that you can attach to a request. You could also add the token to the body or attach it as a cookie, but we'll be using the header.