How do we set the jwt token in the header? I've be...
# orm-help
a
How do we set the jwt token in the header? I've been looking for a while now and can't seem to find an answer. I get how to grab the token from the auth header and use it to authenticate the requests, as per this article and others similar to it: https://www.prisma.io/tutorials/authentication-in-apollo-server-ct21/ But they are always manually setting the auth header with the bearer token.
h
In a frontend application, you will usually preserve that token in localStorage and then add it to the headers of each request. Most request clients provide a mechanism to set the headers. Example: https://www.apollographql.com/docs/react/recipes/authentication/#header
a
Is it not unsafe practice to store an auth token in localStorage?
h
No, it is not. Each method has some security implications, but it is certainly a good enough way to persist auth state.
a
I was originally going to do as the example you provided suggests, but I came across many articles saying, firstly, that it's unsafe to store it in localStorage and, secondly, not to even be using JWT, since you're going to have to set up a refresh/access token along with a blacklist, and at that point you're just recreating sessions.
h
Yes, those are the security implications that you need to work around if your website is driven by user input. Even cookies are vulnerable to CSRF attacks. A good localStorage-based auth system like the ones that Firebase and Auth0 provide is certainly secure. But if you are aiming for a 100% secure system, use cookies, as they are battle tested with a session store.
Each system has its own pros and cons, so compare and then use.