1 thing, https://github.com/driftingruby/051-rails-api-authentication-with-jwt/blob/master/app/controllers/user_token_controller.rb

your controller doesn't include before_action :authenticate_user!

I have this line in my applicationcontroller which is causing issue:

class ApplicationController < ActionController::Base

  protect_from_forgery with: :exception

  before_action :authenticate_user!

 end

But i need this line for my web form to be authenticated!