Tags: spring-boot, spring-security, jwt, csrf

CSRF token requirement if JWT is implemented


Is CSRF token still required in code, if we have implemented JWT based authentication and authorization?


Solution

  • CSRF is Cross-Site Request Forgery, an attack type that forces authenticated users to execute something. For example, if you allow a GET request to be sent and perform operations, like

    https://your.site.com/delete-user/123
    

    then, if this is allowed, someone may send you a link to this and if you open it, the user will be removed on your behalf. So JWT will not protect you from CSRF per se; you will need CSRF tokens to do so.

    Don't forget that POST requests can be fabricated similarly. For example, if you embed a malicious JavaScript file by accident that sends a POST request which is not to your liking, then the same kind of forgery could be possible.

    So, in general it makes sense to have a CSRF token mechanism: a token generated each time a page is to be displayed, the token being expected on the next non-GET request, and making sure that GET requests will not perform such changes as removing or editing content, but changing the acceptable request type for those to POST or something of the like.
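As an added illustration (not part of the answer above), the following Python models the mechanism the answer describes: a JWT carried in a cookie authenticates the user, but a state-changing request is only honoured when it is non-GET and echoes the single-use CSRF token minted on the last page render. The JWT format is a simplified HMAC-signed stand-in, the `_csrf` form field name and the `/delete-user/` path are assumptions, and the secret is a constructed demo value.

```python
import base64
import hashlib
import hmac
import json
import secrets

SECRET = b"constructed-demo-key"  # constructed for the example; use a managed secret in practice
_csrf_tokens = {}                 # user -> currently valid CSRF token (synchronizer token pattern)


def issue_jwt(user):
    """Simplified HS256-style token: base64url(payload).hexsig (stands in for a real JWT)."""
    payload = base64.urlsafe_b64encode(json.dumps({"sub": user}).encode()).decode()
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_jwt(token):
    """Return the subject if the signature checks out, otherwise None."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))["sub"]


def render_page(user):
    """Each page render mints a fresh token that the next non-GET request must echo."""
    token = secrets.token_urlsafe(32)
    _csrf_tokens[user] = token
    return token


def handle(request):
    """request: dict with method, path, cookies (jwt) and optional form dict. Returns a status code."""
    user = verify_jwt(request.get("cookies", {}).get("jwt", ""))
    if user is None:
        return 401  # cookie missing or signature invalid
    if request["path"].startswith("/delete-user/"):
        if request["method"] == "GET":
            return 405  # state changes are never performed on GET
        expected = _csrf_tokens.get(user)
        presented = request.get("form", {}).get("_csrf")
        if expected is None or presented is None or not hmac.compare_digest(presented, expected):
            return 403  # a cross-site page can make the browser send the cookie, but cannot read the token
        _csrf_tokens.pop(user)  # single use: a replayed token is rejected
        return 200
    return 200
```

The check matters because the browser attaches the JWT cookie to cross-site requests automatically; if the JWT travels only in an `Authorization` header set by your own script, the cross-site request lacks it and the cookie-based CSRF risk above does not apply.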