Implement JWT in Angular 2/4

I am trying to implement JWT in an Angular 4 app (the server side is CodeIgniter). The header and payload can easily be created for each request. However, can someone help me figure out how/where to keep the private key used to generate the signature from the client side? If I keep it in any JS file, it can easily be seen by the client, and consequently they can start calling APIs without even signing in.

Another alternative I thought of was that I can generate a random key or token each time the user signs in, and for all subsequent requests, the signature can be generated using this token. However, I was thinking of making this token refresh every 5 minutes, which means that with 2 'almost' simultaneous requests, there may be a race condition causing one request to expire the signature of the other, resulting in the user being logged out.

I am not looking for the exact code, but just some idea regarding the recommended implementation.
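
As an added example (not part of the original post), this shows one common arrangement: the signing secret stays on the server, which issues the token at sign-in and verifies it on each request, while the browser only stores and resends it. A refresh issues a new token without revoking the old one, so two near-simultaneous requests both verify until each token's own `exp`. It is written in Node.js rather than CodeIgniter so it runs stand-alone; `issueToken`, `verifyToken`, `rotateKey` and the key ids are assumed names.

```javascript
// Added example: server-side only. Nothing in this file is shipped to the browser.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Signing keys, newest first (key ids are constructed sample values).
const keys = [{ kid: 'k2', secret: nodeCrypto.randomBytes(32) }];

// Rotation keeps the previous key, so tokens signed just before it still verify.
function rotateKey(kid) {
  keys.unshift({ kid, secret: nodeCrypto.randomBytes(32) });
  keys.length = Math.min(keys.length, 2);
}

function sign(input, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(input).digest();
}

// Called after a successful sign-in, and again on refresh. Times are in seconds.
function issueToken(userId, now, ttlSeconds = 300) {
  const { kid, secret } = keys[0];
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT', kid }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + ttlSeconds }));
  const input = `${header}.${payload}`;
  return `${input}.${b64url(sign(input, secret))}`;
}

// Returns the payload for a valid token, or null for anything else.
function verifyToken(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return null;
  }
  if (header.alg !== 'HS256') return null; // pin the algorithm, never trust the header
  const key = keys.find((k) => k.kid === header.kid);
  if (!key) return null;
  const expected = sign(`${parts[0]}.${parts[1]}`, key.secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  if (typeof payload.exp !== 'number' || now >= payload.exp) return null;
  return payload;
}
```

The Angular side would only attach the issued token to each request, for example in an `Authorization` header.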