flask-jwt-extended

• Better error messages when using a different header name than 'Authorization'

• Fix using alternative header names. There was an option for alternate header names before, but it was hard coded to look for JWTs under the default 'Authorization' header.

• Switch to semantic versioning
• Set PROPAGATE_EXCEPTIONS=True. Should fix the extension when run in production

(minor release)

• Fix returned json when NoAuthorizationError is raised and cookies are being used to store the JWT

• Removes option identity_lookup kwarg in create_access_token() function, introduced in 0.0.7. Now uses the decorator @jwt.user_identity_loader to perform this functionality. This is a breaking change.

• create_access_token() now defaults to non-fresh tokens
• Adds a help method for logging out when using cookies to store the JWTs: unset_jwt_cookies()
• Allows passing complex objects into the create_access_token() function, to prevent unnecessary duplicate disk lookups. See #11

• Fixes jwt_required (et al) decorators to work with flask-restless (and probably other frameworks as well)

• Better examples for common use cases
• Unify cookie API's (breaking change, set_refresh_cookie is now set_refresh_cookies)

• Fix csrf cookie paths, so javascript outside of that path can still access the csrf token.

• Adds support for storing JWTs in cookies, and CSRF protection
• Adds readthedoc documentation (thanks @rlam3)

• Remove unused code
• Add support for custom authorization headers
• Fix decoding for non-default algorithm
• Updated examples