[tytytytytytytyt]

> but will using JWT to keep the user logged in instead of sessions/cookies

You can't use JWT without cookies, or local storage (which is effectively the same here), so that makes no sense.

> Also, I do not plan on opening the API to other sites, so OAuth is unnecessary. Is my understanding correct?

You're still so vague that it's hard to answer. If you want to authenticate them, you can use OAuth. But no, it's not necessary to authenticate them with any one auth service...

[amend]

I updated my question so it’s more clear. The update is relavent to your first point.

By local storage do you mean storage on the client or server? I thought a benefit of jwt is not having to store anything on the server, is this correct?

[elago]

"Local storage" is the name of something most web browsers implement https://www.w3schools.com/html/html5_webstorage.asp

[tytytytytytytyt]

That's not really a benefit. If it's on the server it's far more secure, unless you've messed that up, and you have less/no issues with running out of space on the server.