JSON Web Token

Is everything correct in this authorization process?

Hello. Briefly, the situation is as follows: there is an application that stores information about users and their access rights for various projects (web applications). The actual process of user authorization on these services involves the following steps:
1. The user accesses the service.
2. Redirected to the central application for authorization.
3. Enters login and password.
4. The central application creates a JWT token, which contains the user's access level for a specific project (I'm guessing, bound by IP, or something similar).
5. The application redirects the user back to this service along with the token.
6. The token is validated and placed in cookies for the user. On subsequent requests to the service, authorization occurs by the token stored in cookies until its validity period expires.
Actually, I have a question about the fifth point, namely how to redirect a user with a token to the service. It is assumed that in the future some information about the user can be placed in the token, therefore (and not only) passing the token in the query string confuses me (maybe I'm wrong). In this regard, it comes to mind to submit a certain form (POST) with the transfer of a token in the request body, but through a redirect I don’t really know how to do this.
So, it turns out that after a successful login, I need to render a form (invisible to the user), which is automatically sent to the client via JS (well, leave a spare link if the latter is turned off). For some reason it all seems like a bicycle to me. That's exactly why I'm asking.
Thank you.