2
The JWT allows us through the method unless inform Urls and request methods that no authentication should be required.
But as far as I know it is necessary to do this when Middleware is informed to Expressjs already in the early stages of configuration.
It is possible to inform late, when defining routes in other modules to exempt subroutes from authentication.