User authentication and authorization in the plugin

In our plugin we need to know, if a user is permitted to access the plugins content.

I went through the plugin tutorial and got a pretty good impression how to write a plugin for COYO. However, what is still a bit unclear to me is how the authentication and authorization works in the plugin. I saw in the tutorial that you get passed a JWT token from COYO with the plugin adapter. For me it looks like the authentication and authorization in the plugin can be done with this token and the email address of the user, because the JWT is signed with the COYO certificate.

Am I right in assuming that I can use the signed JWT for authentication?