• [Fix] Invalid validation of audience claim. #72
• [Enhancement] Verify that decoded header and payload are JSON objects. #66
• [Enhancement] Use constant time string comparison routine from hmac module. #64
• [Enhancement] Add base exception InvalidTokenError for invalid tokens. #60
• [Enhancement] Allow datetime.timedelta for leeway argument. #56

Pending Deprecation

The following exceptions have been marked for deprecation in favor of a renamed one to follow a better convention and will be removed in the next major version release.

• ExpiredSignature will be deprecated in favor of ExpiredSignatureError.
• InvalidAudience will be deprecated in favor of InvalidAudienceError.
• InvalidIssuer will be deprecated in favor of InvalidIssuerError.

Thanks to @mark-adams and @wbolster for all the work and feedback that went into this release.