Invenio-oauth2server

- Allow bypassing CSRF checks when using bearer tokens.

- Deprecated Python versions lower than 3.6.0. Now supporting 3.6.0 and 3.7.0.
- Minimum version of Invenio-Accounts bumped to v1.2.1 due WTForms moving the
email validation to an optional dependency.
- Maximum version of Sphinx set to 3 (lower than) due to an error with
working outside the application context.
- Maximum version of SQLAlchemy-Utils set to 0.36 due to breaking changes
with MySQL (VARCHAR length).

- Provides compatibility with werkzeug 1.0.0 for flask_oauthlib

- Deprecated Python versions lower than 3.6.0. Now supporting 3.6.0 and 3.7.0.
- Minimum version of Invenio-Accounts set to v1.1.4 due WTForms moving the
email validation to an optional dependency.
- Minimum version of Flask-BableEx set to v0.9.4 due Werkzeug breaking imports.
- Minimum version of oauthlib set to v2.1.0.
- Maximum version of Sphinx set to 3 (lower than) due to an error with
working outside the application context.
- Maximum version of SQLAlchemy-Utils set to 0.36 due to breaking changes
with MySQL (VARCHAR length).

- Removes updating the ``expires`` for personal tokens.
- Removes ``OAUTH2_PROVIDER_TOKEN_EXPIRES_IN`` from configuration.

- Restrict oauthlib to latest v2.
- Restrict requests-oauthlib lower than 1.2.0 because of oauthlib 3.