0👍
Your flow sounds right to me. You can use a token in the query params of the url like:
http://yoursite.com/user/verify/?token=<some-token>
or even in the url like:
http://yoursite.com/user/verify/<some-token>
Then in server, you can extract the token from the url, verify it, and act on it. JWT is a good scheme to have data embedded in tokens.
Source:stackexchange.com