Pick a general flow that easy to implement. It is arguably the most popular one.
So it starts with the Client sending a login request to the server.
The server checks the credentials provided by the user, if the credentials are right, it creates a JSON Web Token (JWT).
It responds with a success message (HTTP Status 200) and the JWT.
The client uses this JWT in all the subsequent requests to the user, it provides this JWT as an Authorization header with Bearer authentication scheme.
When the server, receives a request against a secured endpoint, it checks the JWT and validates whether the token is generated and signed by the server or not.
If the validation is successful, the server responds accordingly to the client.
Pick a general flow that easy to implement. It is arguably the most popular one.