Ho to implement authentication? 

I'm wondering if I save JWT as httpOnly cookie in browser,will it be secure enough? Or do I need to implement an extra anti-CSRF token to each form?
A sample user user authentication/authorization code will be much appreciated. 
