3.12.1

• Requires cryptography >= 2.3 in response to https://nvd.nist.gov/vuln/detail/CVE-2018-10903

3.12.0

• Add ability to get the JWT from the JSON body of the request (#173). Thanks @luord!!

3.11.0

• Adds new JWT_ERROR_MESSAGE_KEY option to change the JSON key on the default error messages (#160)

3.10.0

• Adds new JWT_CLAIMS_IN_REFRESH_TOKEN configuration option, which if set to true will cause the user claims to be loaded into refresh tokens as well as access tokens (#100).

3.9.1

I forgot to actually increase the version number on the 3.9.0 release. Whoops. Nothing new from 3.9.0 minus a the version number fix.

3.9.0

• Allows passing JWTs in via the query string (#117). Note that in most cases this is not a great idea, see the documentation as to why.
• Break out code to verify JWTs in a request into helper functions. This allows you to easily create your own decorators that utilize this extension (such as a role_required decorator), or hook up functionality to a flask before_request. (#131)

3.8.2

• Allow option to unset access and refresh cookies independently of each other (#148)

3.8.1

• Fixes JSON encoder added in 3.8.0 (#140)

3.8.0

• Default to the Flask JSON encoder and allows for custom JSON encoders for encoding JWTs (#139)

3.7.2

• Fixes a CSRF error when using jwts in cookies and the @jwt_optional decorator (#129)