5.2.1 authenticates edited + expired tokens

[rsleyland]

Upgraded to 5.2.1 and as long as any Authorization token is in the headers the request will succeed.

Therefore expiry time is not working and I can also edit the JWT and still be verified.

Downgraded back to 5.2.0 and all is working perfectly

[gazzenger]

I am having the same, issue, I originally bumped to 5.2.1 due to the bugfix for #600
I will have to await a fix

[Andrew-Chen-Wang]

This is resolved in 5.2.2 or downgrading to 5.2.0. Apologies for the troubles and delay. We did not think carefully about this merge.