How do JWT tokens work, and error code IDX12709

I implemented a GitHub project and don't understand how the user and the key system for JWT work. I now have a secret key which is located in the AppSettings, and when the user logs in, the following function is executed:

private string GenerateJwtToken(string username)
{
   var tokenHandler = new JwtSecurityTokenHandler();
   // symmetric key bytes taken from AppSettings; the validating side must use the same bytes
   var key = Encoding.ASCII.GetBytes(_appSettings.token);
   var tokenDescriptor = new SecurityTokenDescriptor
   {
      // claims that go into the token payload: here a single "username" claim
      Subject = new ClaimsIdentity(new[] { new Claim("username", username) }), //<-
      Expires = DateTime.UtcNow.AddMinutes(30),   // becomes the "exp" claim
      // HMAC-SHA256 signature over header and payload, using the key above
      SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
   };
   var token = tokenHandler.CreateToken(tokenDescriptor);
   return tokenHandler.WriteToken(token);   // compact serialization: header.payload.signature
}

So if I get it right, I generate the token for the logged-in user here, but what does the line with the username mean? After that I store the username and the token inside the sessionStorage, and if I trigger some other controller where the [Authorize] attribute is defined, I add the following header with the fetch:

headers: {
   'Content-type': 'application/json',
   // sessionStorage.getItem returns null when the key is missing, which would send "Bearer null"
   'Authorization': `Bearer ${sessionStorage.getItem("token")}`,
},

Then it first runs into these functions:

public async Task Invoke(HttpContext context, IAuthService authService)
{
   // take the text after the last space of the Authorization header ("Bearer <token>")
   var token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
   if (token != null)
      attachUserToContext(context, authService, token);
   await _next(context);
}

private void attachUserToContext(HttpContext context, IAuthService authService, string token)
{
   try
   {
      var tokenHandler = new JwtSecurityTokenHandler();
      // key bytes from AppSettings; must match the bytes used in GenerateJwtToken
      var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
      tokenHandler.ValidateToken(token, new TokenValidationParameters //<- Error
      {
         ValidateIssuerSigningKey = true,                 // check the HMAC signature
         IssuerSigningKey = new SymmetricSecurityKey(key),
         ValidateIssuer = false,                          // "iss" claim not checked
         ValidateAudience = false,                        // "aud" claim not checked
         ClockSkew = TimeSpan.Zero                        // "exp" compared with no tolerance
      }, out SecurityToken validatedToken);
      var jwtToken = (JwtSecurityToken)validatedToken;
      // reads the "username" claim back out of the payload and parses it as an integer
      var userId = int.Parse(jwtToken.Claims.First(x => x.Type == "username").Value);
      context.Items["User"] = "user";   // stores a fixed string, not the parsed value
   }
   catch
   {
      // do nothing if jwt validation fails
      // user is not attached to context so request won't have access to secure routes
   }
}

So here it validates that the token from the header is not null, and then it tries to do what!? Also, why is the username used again here?

When it runs the ValidateToken function it returns an error: IDX12709: CanReadToken() returned false. JWT is not well formed: '[PII of type 'System.String' is hidden

https://github.com/cornflourblue/dotnet-5-jwt-authentication-api/tree/279c8058669bbfa59902a4473f62e5371167340c
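As an added example (not code from the question or from the linked project), here is the same generate/validate flow in Python with the standard library only: a well-formedness check of the kind that CanReadToken() performs before IDX12709 is reported, HS256 signature verification against a shared secret, and the middleware's behaviour of swallowing failures. The secret value, claim names and timestamps are constructed stand-ins.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed stand-in for the AppSettings secret

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64url(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def generate_jwt_token(username, secret=SECRET, now=None):
    """Like the page's GenerateJwtToken: one 'username' claim, 30-minute expiry, HS256."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"username": username, "iat": now, "exp": now + 1800}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def can_read_token(token):
    """Structural test behind IDX12709: three non-empty segments, header and payload decoding to JSON; 'null' from a missing sessionStorage key fails here."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return False
    try:
        header, _ = json.loads(_unb64url(parts[0])), json.loads(_unb64url(parts[1]))
    except ValueError:  # bad base64 (binascii.Error), bad UTF-8 and bad JSON all derive from it
        return False
    return isinstance(header, dict) and "alg" in header

def validate_token(token, secret=SECRET, now=None):
    """Like the page's TokenValidationParameters: signature checked, issuer/audience not checked, zero clock skew. Returns claims or raises ValueError."""
    if not can_read_token(token):
        raise ValueError("JWT is not well formed")
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_unb64url(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier, not the token, picks the algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("invalid signature")
    claims = json.loads(_unb64url(payload_b64))
    if (int(time.time()) if now is None else now) >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

def attach_user_to_context(authorization_header, secret=SECRET, now=None):
    """Like the middleware: validate the text after the last space and return the 'username' claim, or None when the header is missing or validation fails (the page's empty catch)."""
    try:
        return validate_token(authorization_header.split(" ")[-1], secret, now)["username"]
    except (AttributeError, ValueError, KeyError):  # AttributeError when the header is None
        return None
```

Running `can_read_token("null")` reproduces the situation the error describes: the string never reaches signature checking because it is not three dot-separated segments.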



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
