Ordering of JWT_TOKEN_LOCATION

[stephendwolff]

The JWT_TOKEN_LOCATION is a flexible addition to getting JWTs to work in various scenarios, however i'm working with an iOS developer where we have an API connection (via the header tag), and we are also using cookies for an in-app browser connection.

Cookies are checked first - in _decode_jwt_from_request (https://github.com/vimalloc/flask-jwt-extended/blob/854bc2ed5dfa8a6e5ec6e7de25a2c1a5a18bff44/flask_jwt_extended/view_decorators.py#L247 - rather than respecting the order of the JWT_TOKEN_LOCATION list (or set).

If i work on a PR, is there anything i should be aware of? Is this a crazy idea?

[vimalloc]

That's a neat idea, I can't think of any problems that would arise from implementing it. If you can get a PR for this I would be more then happy to help out as needed and get it merged / released.

Thanks for checking! 👍

[stephendwolff]

ok great - i think i have something, just working on a test - in 'test_multiple_token_locations'

[vimalloc]

Fix #256 released in version 3.20.0. Thanks for contributing! 👍