Cross-Domain between NodeJs website and WordPress website with JWT


I have 2 different domains for NodeJS app and WordPress website hosted on different hosts.

The NodeJS app sends the user's email to the WordPress domain on Google SSO login to create a user and log them in automatically, without them needing to create an account on WordPress.

The user gets registered, but when I open the WordPress website I am not logged in. I'm using the Google Tab On plugin on the WordPress side, and I'm open to any alternatives.

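  try {
            // Profile sent to WordPress. NOTE: the username is a fixed literal,
            // so the WordPress side (which rejects an existing username) will
            // refuse every user after the first one - derive it per user.
            const userData = {
                username: 'john doe',
                email: googleUser.email,
            };

            // Send user data to WordPress for registration
            const response = await axios.post('https://wordpress_domain.shop/wp-json/nodejs/v1/register-endpoint', {
                user: userData,
            });

            // Check if user registration on WordPress was successful
            if (response.data.success) {
                // Mint a short-lived token. JWT_SECRET must be the same value the
                // WordPress verifier uses; pinning the algorithm keeps the verifier
                // from accepting a different one, and the expiry bounds how long a
                // leaked or replayed token stays valid.
                const token = jwt.sign(userData, process.env.JWT_SECRET, {
                    algorithm: 'HS256',
                    expiresIn: '5m',
                });

                // NOTE: this request is made by the Node server, so any Set-Cookie
                // header WordPress returns lands on this server's HTTP client, not
                // in the end user's browser - the user will not be logged in on the
                // WordPress site. The browser itself has to present the token to
                // WordPress (e.g. via a redirect) for the auth cookie to reach it.
                await axios.post('https://wordpress_domain.shop/wp-json/nodejs/v1/login-endpoint', {
                    token: token,
                });

            }
        } catch (error) {
            console.error('Error sending data to WordPress:', error);
        }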

WordPress/PHP

// Register the two custom REST routes once the REST server is initialised.
add_action('rest_api_init', 'register_custom_endpoints');

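/**
 * Registers the nodejs/v1 REST routes used by the Node.js application.
 *
 * Both routes are reachable without a WordPress session, because the caller
 * is the Node.js server rather than a logged-in user. The permission_callback
 * is stated explicitly: omitting it makes WordPress emit a _doing_it_wrong
 * notice and hides the fact that the routes are public. The login route is
 * protected only by the JWT signature check inside its callback; the
 * register route currently has no caller check at all and should be gated
 * (for example by verifying a shared secret in this permission callback)
 * before it is exposed on a live site.
 *
 * @return void
 */
function register_custom_endpoints()
{
    register_rest_route('nodejs/v1', '/register-endpoint', array(
        'methods' => 'POST',
        'callback' => 'handle_user_registration',
        // Public on purpose; see the docblock above before relaxing this further.
        'permission_callback' => '__return_true',
    ));

    register_rest_route('nodejs/v1', '/login-endpoint', array(
        'methods' => 'POST',
        'callback' => 'handle_user_login',
        // Public; the callback rejects requests whose JWT does not verify.
        'permission_callback' => '__return_true',
    ));
}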

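/**
 * REST callback for POST nodejs/v1/register-endpoint.
 *
 * Creates a WordPress user from the `user.username` / `user.email` fields of
 * the request body, then sets the auth cookie on the response.
 *
 * @param WP_REST_Request|array $data Request; read via array access.
 * @return WP_REST_Response JSON with `success` (bool) and `message` (string).
 */
function handle_user_registration($data)
{
    // Default to '' so a missing field is reported instead of raising a notice.
    $username = sanitize_text_field($data['user']['username'] ?? '');
    $email = sanitize_email($data['user']['email'] ?? '');

    if ($username === '' || $email === '') {
        return rest_ensure_response(array('success' => false, 'message' => 'Username and email are required.'));
    }

    // Both helpers return the user ID or false, so compare strictly.
    if (username_exists($username) !== false || email_exists($email) !== false) {
        return rest_ensure_response(array('success' => false, 'message' => 'User already exists.'));
    }

    // wp_create_user() returns a WP_Error on failure; the original passed that
    // straight into wp_set_auth_cookie(), so check it first.
    $user_id = wp_create_user($username, wp_generate_password(), $email);
    if (is_wp_error($user_id)) {
        return rest_ensure_response(array('success' => false, 'message' => $user_id->get_error_message()));
    }

    // The cookie is set on *this* HTTP response. When the request comes from
    // the Node.js server, the cookie is returned to that server, not to the
    // end user's browser, so the user will not appear logged in on the site.
    wp_set_auth_cookie($user_id);

    return rest_ensure_response(array('success' => true, 'message' => 'User registered successfully.'));
}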

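/**
 * REST callback for POST nodejs/v1/login-endpoint.
 *
 * Verifies the `token` field of the request body with jwt_verify(), looks up
 * the WordPress user by the email claim and sets the auth cookie for them.
 *
 * @param WP_REST_Request|array $data Request; read via array access.
 * @return WP_REST_Response JSON with `success` (bool) and `message` (string).
 */
function handle_user_login($data)
{
    // Default to '' so a missing field is rejected by jwt_verify() rather
    // than raising a notice here.
    $token = $data['token'] ?? '';

    // Only a token whose signature verifies is trusted; everything in
    // $decoded below comes from that signed payload.
    $decoded = jwt_verify($token);
    if (!$decoded) {
        return rest_ensure_response(array('success' => false, 'message' => 'Invalid token.'));
    }

    // NOTE(review): assumes jwt_verify() returns an array with an 'email'
    // key - confirm against the jwt_decode() implementation in use.
    $email = $decoded['email'] ?? '';

    // get_user_by() returns false for an unknown email; the original then
    // read ->ID on false, which is a fatal error.
    $user = $email !== '' ? get_user_by('email', $email) : false;
    if ($user === false) {
        return rest_ensure_response(array('success' => false, 'message' => 'Unknown user.'));
    }

    // The cookie is set on this response, i.e. it reaches whoever made the
    // request; when that is the Node.js server, the browser never sees it.
    wp_set_auth_cookie($user->ID);

    return rest_ensure_response(array('success' => true, 'message' => 'User logged in successfully.'));
}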

// Helper function to verify JWT
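/**
 * Verifies a JWT issued by the Node.js application.
 *
 * Decodes $token with jwt_decode() using HS256 and the shared secret. Returns
 * the decoded payload, or false when the token is missing, not a string, or
 * fails to decode.
 *
 * @param mixed $token Raw token string from the request.
 * @return mixed Decoded payload from jwt_decode(), or false.
 */
function jwt_verify($token)
{
    // The key must be the exact value the Node.js side signs with
    // (process.env.JWT_SECRET). Define it in wp-config.php under a constant
    // of your choosing (NODEJS_JWT_SECRET here) instead of committing it to
    // source. The literal fallback is the original placeholder and should be
    // removed once the constant is in place.
    $secretKey = defined('NODEJS_JWT_SECRET') ? NODEJS_JWT_SECRET : 'testingtoken';

    // Reject empty / non-string input up front rather than handing it to the
    // decoder.
    if (!is_string($token) || $token === '') {
        return false;
    }

    try {
        // Algorithm list is pinned to HS256 so the token cannot select another.
        return jwt_decode($token, $secretKey, array('HS256'));
    } catch (Exception $e) {
        return false;
    }
}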

