When a JWT is expired, flask-jwt-extended should handle it and return 401 by default. Instead, it looks like some handler tries to give the flask-jwt-extended handler a different kind of data.
The result is that when a token has expired, the user can't get any new information, because their token is expired, and they also can't log back in because the website is expecting a 401 or 403 error to initiate a login. The user must manually clear their cookies at this point to be able to do anything.
I cannot find another case of this error. The closest I have I've found is this issue that flask-jwt-extended can have with flask-restful: https://github.com/vimalloc/flask-jwt-extended/issues/20. However, we aren't using flask-restful, so I'm not sure what the issue could be.
When a JWT is expired, flask-jwt-extended should handle it and return 401 by default. Instead, it looks like some handler tries to give the flask-jwt-extended handler a different kind of data.
The result is that when a token has expired, the user can't get any new information, because their token is expired, and they also can't log back in because the website is expecting a 401 or 403 error to initiate a login. The user must manually clear their cookies at this point to be able to do anything.
I cannot find another case of this error. The closest I have I've found is this issue that flask-jwt-extended can have with flask-restful: https://github.com/vimalloc/flask-jwt-extended/issues/20. However, we aren't using flask-restful, so I'm not sure what the issue could be.