* Add `JWT_ENCODE_NBF` configuration option to allow disabling the NBF claim during token creation. Thanks magnunleno! 416
* Add a new `get_jwt_request_location()` function to determine where a token was parsed from in a request (useful for implicit token refresh with cookies). Thanks sammck! 420
* Fix wrong error message in edge case with current user in non-decorated route. 408
* Fix JWT in headers followed by a comma raises IndexError 347
* Fix edge cases where `jwt_required(optional=True)` was treating a request as if there was jwt present instead of handling the `InvalidHeaderError`. 421
* Add a `JWT_QUERY_STRING_VALUE_PREFIX` configuration option. 421
* Update error messages to provide more helpful information to callers when they are sending in a token in an unexpected way.