Which user's jwt token belongs to, how can only data belonging to that user's be retrieved?