I've studied a couple of JWT auth plugins and notice the current user is being set in either the rest_api_init action:

add_action( 'rest_api_init', function () {
  wp_set_current_user($token->user_id);
});

Or in the determine_current_user filter:

add_filter( 'determine_current_user', function ($user_id) {
  return $token->user_id;
});

Any advice as to which one is better? I've tested with both and they seem to have the same effectiveness.