Security notes
==============

- This package does not verify JWT signatures. Tokens are used only for expiry
  checks and transport.
- ``JsonFileTokenCache`` is not suitable for production. Use
  ``KeyringTokenCache`` where possible.
- Keep TLS verification enabled unless you are in a controlled development
  environment.