Tags: python, jwt, flask-jwt, pyjwt

Vulnerabilities found in PyJWT back in 2015


Just wanted to confirm something related to Flask-JWT using the PyJWT library. Back in 2015 (https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/) a vulnerability issue was found with PyJWT.

I'm not sure if that has been fixed now for Flask-JWT or if I still have to do a workaround. I can't find much information out there.

Does anyone know anything about this?


Solution

  • The original Flask-JWT library is no longer maintained, and you shouldn't use such libraries for any reason unless there's no alternative.

    It seems the PyJWT library that it depends on already has the fix, and Flask-JWT specifies a sufficient version in the dependency.

    Anyway, here's an up-to-date alternative that I found: https://github.com/vimalloc/flask-jwt-extended
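Whichever library you end up with, the property the 2015 advisory linked in the question is about is that the verifier, not the token's header, decides which algorithms are acceptable. The following is an added, self-contained illustration of that check using only the Python standard library; it is not PyJWT's or Flask-JWT's code, and the secret and tokens are constructed for the demo. The same idea applies to PyJWT itself, whose `decode()` requires you to pass an explicit `algorithms` list.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; a real deployment loads this from configuration.
SECRET = b"demo-secret-do-not-use-in-production"

# Only algorithms the application has deliberately chosen are accepted.
# The token's "alg" header is never used to pick the verification method.
ALLOWED_ALGORITHMS = {"HS256": hashlib.sha256}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _encode_part(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Produce a compact JWT signed with HMAC-SHA256 (used here to build test input)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _encode_part(header) + "." + _encode_part(payload)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify(token: str, key: bytes, allowed=ALLOWED_ALGORITHMS) -> dict:
    """Return the payload only if the MAC is valid under an allowed algorithm.

    Raises ValueError for anything else, including an 'alg' value that is not
    in the allowlist (so 'none' is refused before any signature logic runs).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    if alg not in allowed:
        raise ValueError(f"algorithm {alg!r} not permitted")
    digestmod = allowed[alg]
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, digestmod).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def unsigned_token(payload: dict) -> str:
    """Constructed test input: an 'alg: none' token with an empty signature segment."""
    return _encode_part({"alg": "none", "typ": "JWT"}) + "." + _encode_part(payload) + "."


def run_checks() -> dict:
    """Exercise the verifier on a valid, an unsigned, and a tampered token."""
    results = {}
    good = sign_hs256({"sub": "alice", "role": "user"}, SECRET)
    results["valid_accepted"] = verify(good, SECRET)["sub"] == "alice"

    try:
        verify(unsigned_token({"sub": "alice", "role": "admin"}), SECRET)
        results["none_rejected"] = False
    except ValueError:
        results["none_rejected"] = True

    # Tampered: payload changed, original signature kept.
    header_b64, _, sig_b64 = good.split(".")
    tampered = ".".join([header_b64, _encode_part({"sub": "alice", "role": "admin"}), sig_b64])
    try:
        verify(tampered, SECRET)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_checks())
```

The allowlist here contains only an HMAC algorithm. If an application verifies tokens with a public key, it should not list HMAC algorithms alongside the asymmetric ones in the same allowlist, since the same advisory describes mixing the two as the second problem. With PyJWT the equivalent is passing a deliberately short `algorithms=[...]` list to `jwt.decode()`.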