# flask-jwt-extended > Extended JWT integration with Flask - **URL**: https://www.freshcrate.ai/projects/flask-jwt-extended - **Author**: Lily Acadia Gilbert - **Category**: Frameworks - **Latest version**: `4.7.4` (2026-05-13) - **License**: MIT - **Source**: https://github.com/vimalloc/flask-jwt-extended - **Language**: Python - **GitHub**: 1,586 stars, 251 forks - **Registry**: pypi (`flask-jwt-extended`) - **Tags**: `flask`, `json`, `jwt`, `pypi`, `token`, `web` ## Description # Flask-JWT-Extended ### Features Flask-JWT-Extended not only adds support for using JSON Web Tokens (JWT) to Flask for protecting routes, but also many helpful (and **optional**) features built in to make working with JSON Web Tokens easier. These include: - Adding custom claims to JSON Web Tokens - Automatic user loading (`current_user`). - Custom claims validation on received tokens - [Refresh tokens](https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/) - First class support for fresh tokens for making sensitive changes. - Token revoking/blocklisting - Storing tokens in cookies and CSRF protection ### Usage [View the documentation online](https://flask-jwt-extended.readthedocs.io/en/stable/) ### Upgrading from 3.x.x to 4.0.0 [View the changes](https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/) ### Changelog You can view the changelog [here](https://github.com/vimalloc/flask-jwt-extended/releases). This project follows [semantic versioning](https://semver.org/). ### Chatting Come chat with the community or ask questions at https://discord.gg/EJBsbFd ### Contributing Before making any changes, make sure to install the development requirements and setup the git hooks which will automatically lint and format your changes. ```bash pip install -r requirements.txt pre-commit install ``` We require 100% code coverage in our unit tests. You can run the tests locally with `tox` which ensures that all tests pass, tests provide complete code coverage, documentation builds, and style guide are adhered to ```bash tox ``` A subset of checks can also be ran by adding an argument to tox. The available arguments are: - py37, py38, py39, py310, py311, py312, pypy3 - Run unit tests on the given python version - mypy - Run mypy type checking - coverage - Run a code coverage check - docs - Ensure documentation builds and there are no broken links - style - Ensure style guide is adhered to ```bash tox -e py38 ``` We also require features to be well documented. You can generate a local copy of the documentation by going to the `docs` directory and running: ```bash make clean && make html && open _build/html/index.html ``` ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `4.7.4` | 2026-05-13 | High | ## What's Changed * setup.py: bump PyJWT floor to >=2.11.0 to match the actual runtime requirement by @potiuk in https://github.com/vimalloc/flask-jwt-extended/pull/577 ## New Contributors * @potiuk made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/577 **Full Changelog**: https://github.com/vimalloc/flask-jwt-extended/compare/4.7.3...4.7.4 | | `4.7.3` | 2026-05-08 | High | I'm skipping 4.7.2 because I forgot to bump the python version in code. This is the same as 4.7.2, with things setup correctly. Oops | | `4.7.1` | 2026-04-21 | Low | Imported from PyPI (4.7.1) | | `4.7.0` | 2024-11-18 | Low | ## What's Changed * Drop support for python 3.7 and 3.8, add 3.13 by @vimalloc in https://github.com/vimalloc/flask-jwt-extended/pull/559 * Fix documentation around identity needing to be a string by @vimalloc in https://github.com/vimalloc/flask-jwt-extended/pull/558 **Full Changelog**: https://github.com/vimalloc/flask-jwt-extended/compare/4.6.0...4.7.0 | | `4.6.0` | 2023-12-13 | Low | ## What's Changed * Bump cryptography from 41.0.4 to 41.0.6 by @dependabot in https://github.com/vimalloc/flask-jwt-extended/pull/535 * Do not check JWT_TOKEN_LOCATION when testing if cookie_csrf_protect is enabled by @vimalloc in https://github.com/vimalloc/flask-jwt-extended/pull/538 **Full Changelog**: https://github.com/vimalloc/flask-jwt-extended/compare/4.5.3...4.6.0 | | `4.5.3` | 2023-10-03 | Low | ## What's Changed * Typos by @dwinton-go in https://github.com/vimalloc/flask-jwt-extended/pull/514 * Replace "defining" with "define" by @lewisemm in https://github.com/vimalloc/flask-jwt-extended/pull/517 * Fix documentation syntax error by @dtalkachou in https://github.com/vimalloc/flask-jwt-extended/pull/519 * remove duplicate comments by @Abyssknight in https://github.com/vimalloc/flask-jwt-extended/pull/522 * Support python 3.12 and add support for flask 3.0 by @vimalloc in https://gi | | `4.5.2` | 2023-05-26 | Low | * Fix documentation for `stable` build. No code changes were made in this release. | | `4.5.1` | 2023-05-26 | Low | No changes from the 4.5.0 tag, I just forgot to update the `__version__` which causes issues with publishing the release. This corrects that issue and bumps the version to 4.5.1. | | `4.5.0` | 2023-05-26 | Low | ## What's Changed * Updated typing of expires_delta and fresh by @eMaerthin in https://github.com/vimalloc/flask-jwt-extended/pull/510 * Allow selective disabling of blocklist check by @indrajeet307 in https://github.com/vimalloc/flask-jwt-extended/pull/501 ## New Contributors * @eMaerthin made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/510 * @indrajeet307 made their first contribution in https://github.com/vimalloc/flask-jwt-extended/pull/501 **Ful | | `4.4.4` | 2022-08-15 | Low | * Fix compatibility with flask version 2.3 (#493). Huge shout out to @jrast for taking on the bulk of this work! **Full Changelog**: https://github.com/vimalloc/flask-jwt-extended/compare/4.4.3...4.4.4 | ## Citation - HTML: https://www.freshcrate.ai/projects/flask-jwt-extended - Markdown: https://www.freshcrate.ai/projects/flask-jwt-extended.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/flask-jwt-extended/deps _Generated by freshcrate.ai. Indexes pypi releases for AI-agent ecosystem packages._