Which user's jwt token belongs to, how can only data belonging to that user's be retrieved?

Most likely in the v4, though maybe not in the initial stable release, it will be a focus for us.