Authlib

We have dropped support for Python 2 in this release. We have removed
built-in SQLAlchemy integration.

**OAuth Client Changes:**

The whole framework client integrations have been restructured, if you are
using the client properly, e.g. ``oauth.register(...)``, it would work as
before.

**OAuth Provider Changes:**

In Flask OAuth 2.0 provider, we have removed the deprecated
``OAUTH2_JWT_XXX`` configuration, instead, developers should define
`.get_jwt_config` on OpenID extensions and grant types.

**SQLAlchemy** integrations has been removed from Authlib. Developers
should define the database by themselves.

**JOSE Changes**

- ``JWS`` has been renamed to ``JsonWebSignature``
- ``JWE`` has been renamed to ``JsonWebEncryption``
- ``JWK`` has been renamed to ``JsonWebKey``
- ``JWT`` has been renamed to ``JsonWebToken``

The "Key" model has been re-designed, checkout the [JSON Web Key](https://docs.authlib.org/en/latest/jose/jwk.html#jwk-guide) for updates.

Added ``ES256K`` algorithm for JWS and JWT.

**Breaking Changes**: find how to solve the deprecate issues via https://git.io/JkY4f

- Make Authlib compatible with latest httpx
- Make Authlib compatible with latest werkzeug
- Allow customize RFC7523 `alg` value

Security fix when JWT claims is None.

For example, JWT payload has `iss=None`:


{
"iss": None,
...
}


But we need to decode it with claims:


claims_options = {
'iss': {'essential': True, 'values': ['required']}
}
jwt.decode(token, key, claims_options=claims_options)


It didn't raise an error before this fix.

Fixed `.authorize_access_token` for OAuth 1.0 services, via https://github.com/lepture/authlib/issues/308

Fixed httpx authentication bug via 283

Backward compitable fix for using JWKs in JWT, via 280.