I would presume that the OnAuthentication and the action itself run in the same session, so could you use session variables?
For our customer portal we have also made a custom JWT authentication, and we only check the JWT in the actions itself, not using OnAuthentication. This means having to duplicate the checking code in every method, but at least the values inside the JWT are available then.
For you scenario, it seems that just removing the OnAuthentication solves your problem?