Error 401 Unauthozied when connecting to hybrid rails 7 using Devise-JWT

Question

I'm working on a Rails 7 application in which I have two models, User and Customer. User was created with Devise and Customer was created with Devise and Devise-JWT. I'm using the revocation strategy with a jti attribute for Customer, because I use my application as an API only for Customer.

When I try to connect as a Customer, I get a 401 Unauthorized error. Curiously, I can only sign-in when I send the Authorization Header with the Bearer token I got in the sign-up response.

However, this is not the expected behavior. I'd like to be able to log in as a Customer with just email and password, without needing to send a token at sign-in.

Here are the relevant parts of my current code:

My devise.rb configuration:

# ==> API Configuration
  # Configuration for JWT (JSON Web Token) authentication (Customers Only)
  config.jwt do |jwt|
    jwt.secret = Rails.application.credentials.fetch(:secret_key_base)
    jwt.dispatch_requests = [
      ['POST', %r{^/api/v1/sign_in$}]
    ]
    jwt.revocation_requests = [
      ['DELETE', %r{^/api/v1/sign_out$}]
    ]
    jwt.expiration_time = 30.minutes.to_i
  end

My routes.rb:

namespace :api do
    namespace :v1 do
      defaults format: :json do
        devise_for :customers,
        path: '',
        path_names: {
          sign_in: 'sign_in',
          sign_out: 'sign_out',
          registration: 'sign_up'
                   },
                   controllers: {
                     sessions: 'api/v1/customers/sessions',
                     registrations: 'api/v1/customers/registrations'
                   }
      end
    end
  end

My customers SessionsController:

module Api
  module V1
    module Customers
      class SessionsController < Devise::SessionsController
        skip_before_action :verify_authenticity_token, only: [:create, :destroy]
        respond_to :json

        private

        def respond_with(resource, _opts = {})
          render json: {
            status: { code: 200, message: 'Logged in sucessfully.' },
            data: CustomerSerializer.new(resource).serializable_hash[:data][:attributes]
          }, status: :ok
        end

        def respond_to_on_destroy
          render json: {
            status: 200,
            message: "Logged out successfully"
          }, status: :ok
        end
      end
    end
  end
end

My Customer model:

class Customer < ApplicationRecord
  include Devise::JWT::RevocationStrategies::JTIMatcher

  after_create :welcome_send

  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable, :trackable,
         :jwt_authenticatable, jwt_revocation_strategy: self

...
end

My application_controller.rb:

class ApplicationController < ActionController::Base
end

My app/config/application.rb:

class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
    config.load_defaults 7.0
...
end

Could someone help me understand why I'm getting this error and how I can change my configuration to allow login with only email and password?