paseto VS wp-graphql-jwt-authentication

Might I suggest Paseto (https://paseto.io/) - it solves a lot of the headaches of JWT. Signing and encryption are two different things that require two different sets of keys, so you can't mess it up.

(Full disclosure, I've written one implementation: https://github.com/auth70/paseto-ts)

Though we'll be building a session-based authentication system, it's noteworthy that with the introduction of some concepts which will be discussed in due time, you can turn it into JWT- or, more securely and appropriately, PASETO-based authentication system.

Time we ditch it and use paseto

The PASETO web site goes over it. Mostly it's designed to make you do things the right way and avoid all the security holes you can fall into with JWT.

If this is too much to handle, you shouldn't have to! There's already solutions that handle it for you

JWT authentication plugins: JWT WP REST and JWT WP GraphQL.

Let's start with installing WPGraphQL JWT Authentication. Open the link and Download the .zip from Github and add to your plugins directory, then activate the plugin. JWT uses a Secret token defined on the server to validate the signing of tokens. Generate your secret token from WordPress Secret Token and copy the NONCE_SALT. Next Step is to define the secret token. You can define a Secret in WordPress file wp-config.php or Or you can use the filter graphql_jwt_auth_secret_key to set a Secret. Add your secret token and paste below line in wp-config:

That's all you need to set up a NextJS app using a local WordPress site running in Docker containers. You can start developing the PHP and JavaScript for your project. What you do next is up to you. Figuring our deployment and authentication as well as coding the app will come next.