Setting the require and verify in the options does not actually make pyjwt verify those claims, they are simply ignored by pyjwt. If you wanted to do those verifications, you would need to decode the token first, and manually check if the keys are present
Issue is here: https://github.com/mattupstate/flask-jwt/blob/master/flask_jwt/__init__.py#L78-L91
Setting the require and verify in the options does not actually make pyjwt verify those claims, they are simply ignored by pyjwt. If you wanted to do those verifications, you would need to decode the token first, and manually check if the keys are present