WordPress and JWT with custom API Rest Endpoint

You should add permission_callback parameter when registering a new route.

    add_action('rest_api_init', function ($data) {        register_rest_route('mladi-info/v1', '/user/favorites',             array(                'methods' => 'GET',                'callback' => 'mi_get_favorite_posts',                'permission_callback' => function ($request) {                        if (current_user_can('edit_others_posts'))                        return true;                 }             )        );    });

JWT Auth plugin will supply user object to permission_callback function, based on the token value from the header, and all you need to do is to work out some "permission logic" inside that function, which will return a bool value.

In the solution that I posted, callback allows access to REST endpoint only if the user that accessed it, has 'edit_others_posts' capability - which is the case for administrators and editors.

The actual way to use the JWT-auth plugin when it comes to protecting a endpoint is just prefixing it with the right namespace, then you send a Bearer header token so that can successfully access the resource.

In your case it would be:

add_action('rest_api_init', function ($data) {    register_rest_route('jwt-auth', 'mladi-info/v1/user/favorites', [        'methods' => 'GET',        'callback' => 'mi_get_favorite_posts'    ]);});

Then simply send an authenticated request towards that endpoint remember to send your Bearer token you got by using the /token endpoint (the one you send your username and password to get back the jwt token) in your headers. ie.

fetch('https://your-domain.com/wp-json/jwt-auth/mladi-info/v1/user/favorites', {    method: 'GET'    mode: 'cors',    headers: {      'Authorization': `Bearer ${jwt-token}`    },});