Flask-jwt-extended

* Adds support for using multiple algorithms for decoding JWTs. Thanks Darkheir! (254)

* Fix `JWT_SESSION_COOKIE = False` creating a cookie that was too long in the future for some browsers (243). Thanks allen-cook!

* Fixes an issue when using `decode_token` on an expired token. This issue was introduced in `3.16.0`. (234)
* Require PyJWT `1.6.4` or newer (238)

* Add the ability to dynamically set user claims via the new `user_claims` argument to `create_access_token` and `create_refresh_token` functions (229). Thanks jeanphix
* Add ability to use other datetime libraries for the token expiration configuration options. Anything that works with `datetime.datetime` (such as `dateutil`) will now work with extension (233). Thanks abathur

* Add the ability to use an integer (seconds) for the `JWT_ACCESS_TOKEN_EXPIRES` and `JWT_REFRESH_TOKEN_EXPIRES` settings. (226) Thanks evangilo!

This release changes how the `jwt.expired_token_loader` callback function works. Before this release the callback function took no arguments. Now it will take one argument which is the decoded contents of the expired token. This lets you customize the expired token callback based on the token that was received. For example:

python
Old way
jwt.expired_token_loader
def old_expired_callback():
return jsonify(foo='bar'), 401

New way
jwt.expired_token_loader
def new_expired_callback(expired_token):
if expired_token['type'] == 'access':
return jsonify(foo='bar'), 401
else:
return jsonify(foo='baz'), 401


**The old way will still work**, updating to this version will not break your software out from under you. You will however receive a deprecation warning when using that way. To fix this, simply add an addition argument to your callback function for the expired token.