What's Changed

• Bump cryptography from 41.0.4 to 41.0.6 by @dependabot in https://github.com/vimalloc/flask-jwt-extended/pull/535
• Do not check JWT_TOKEN_LOCATION when testing if cookie_csrf_protect is enabled by @vimalloc in https://github.com/vimalloc/flask-jwt-extended/pull/538

Full Changelog: https://github.com/vimalloc/flask-jwt-extended/compare/4.5.3...4.6.0

What's Changed

• Typos by @dwinton-go in https://github.com/vimalloc/flask-jwt-extended/pull/514
• Replace "defining" with "define" by @lewisemm in https://github.com/vimalloc/flask-jwt-extended/pull/517
• Fix documentation syntax error by @dtalkachou in https://github.com/vimalloc/flask-jwt-extended/pull/519
• remove duplicate comments by @Abyssknight in https://github.com/vimalloc/flask-jwt-extended/pull/522
• Support python 3.12 and add support for flask 3.0 by @vimalloc in https://github.com/vimalloc/flask-jwt-extended/pull/527

New Contributors

• @dwinton-go made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/514
• @lewisemm made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/517
• @dtalkachou made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/519
• @Abyssknight made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/522

Full Changelog: https://github.com/vimalloc/flask-jwt-extended/compare/4.5.2...4.5.3

• Fix documentation for stable build. No code changes were made in this release.

No changes from the 4.5.0 tag, I just forgot to update the __version__ which causes issues with publishing the release. This corrects that issue and bumps the version to 4.5.1.

What's Changed

• Updated typing of expires_delta and fresh by @eMaerthin in https://github.com/vimalloc/flask-jwt-extended/pull/510
• Allow selective disabling of blocklist check by @indrajeet307 in https://github.com/vimalloc/flask-jwt-extended/pull/501

New Contributors

• @eMaerthin made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/510
• @indrajeet307 made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/501

Full Changelog: https://github.com/vimalloc/flask-jwt-extended/compare/4.4.4...4.5.0

• Fix compatibility with flask version 2.3 (#493). Huge shout out to @jrast for taking on the bulk of this work!

Full Changelog: https://github.com/vimalloc/flask-jwt-extended/compare/4.4.3...4.4.4

• Documentation improvements ( #470). Thanks @Udit107710!
• Drop support for python 3.6 (flask no longer supports 3.6, so following suite here)
• Add option to include current_user in jinja templates by default (#478)
• Fix mypy type checks for current_user (#488)

Full Changelog: https://github.com/vimalloc/flask-jwt-extended/compare/4.4.2...4.4.3

What's Changed

• Fix mypy explicitly mark exported names #484 (thanks @KSmanis)
• Fix verify_type being set to False by default in verify_jwt_in_request() #483

Full Changelog: https://github.com/vimalloc/flask-jwt-extended/compare/4.4.1...4.4.2

What's Changed

• Documentation improvements (thanks @udoyen)
• Fix PEP 561 compatibility #480 (thanks @KSmanis)

Full Changelog: https://github.com/vimalloc/flask-jwt-extended/compare/4.4.0...4.4.1

Overview

• Drop support for Flask 1
  • This decision comes because flask 1 is no longer being supported upstream and a recent dependency change they released made it difficult to continue testing both versions for compatibility.
• Add verify_type argument to view decorators to allow accepting both refresh & access tokens #460 (thanks @tgross35)
• Adds type hinting and MyPy support
• Documentation improvements (thanks @wjjmjh and @Udit107710)
• Relax dependency pinning for cryptography package (#467)

• Allow Flask-JWT-Extended to work with new Cryptography versioning scheme (#452)

• Allow overriding cookies domain at runtime (#446). Thanks @bejito!
• Better compatibility with flask 1.x.x and 2.x.x (#440). Thanks @StefanVDWeide
• Documentation updates (#443, #444). Thanks @killthekitten and @juur

• Fix compatibility with Flask 1.x.x that was broke with the 4.2.2 release (see #437). Thanks @j178 for pointing this out!

• Added async support to jwt_required view decorator (#436). Thanks @StefanVDWeide!
• Minor documentation improvements. Thanks @rohitsanj-jovian!

• Update Flask-JWT-Extended to work with flask 2.x.x. (#427).

• Add JWT_ENCODE_NBF configuration option to allow disabling the NBF claim during token creation. Thanks @magnunleno! #416
• Add a new get_jwt_request_location() function to determine where a token was parsed from in a request (useful for implicit token refresh with cookies). Thanks @sammck! #420
• Fix wrong error message in edge case with current user in non-decorated route. #408
• Fix JWT in headers followed by a comma raises IndexError #347
• Fix edge cases where @jwt_required(optional=True) was treating a request as if there was jwt present instead of handling the InvalidHeaderError. #421
• Add a JWT_QUERY_STRING_VALUE_PREFIX configuration option. #421
• Update error messages to provide more helpful information to callers when they are sending in a token in an unexpected way.

• Allow JWT type to be things besides refresh or access (#401). Any type that is not refresh will be considered an access token. Thanks @sambonner for the PR!
• Allow locations kwarg for jwt_required() to be a string (#394)
• Minor documentation improvements

• Properly include requirements.txt in the manifest.

• No changes from 4.0.0, this release is purely to fix some github actions and documentation builds

This release contains many months of work and lots of breaking changes. For full details, please see: https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/