JWT expiration check

[Scurrra]

Motivation:

Doing a project I found this library for easy oauth. Because of lack of experience in the field I decided to learn how the library works. I had a big question on how jwts work, especially in this library. While doing this I found out that there is no check if the token is expired. I added this check to OAuth2Backend.authenticate. I also fixed deprecated datetime.utcnow() function.

All Submissions:

• Have you followed the guidelines in our Contributing document?
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Changes to Core Features:

• Have you added an explanation of what your changes do and why you'd like us to include them?
• Have you updated the documentation related to the changes you have made?
• Have you written new tests for your core changes, as applicable?
• Have you successfully run tests with your changes locally?

[ArtyomVancyan]

Hi @Scurrra, thanks for pointing it out. I suggest changing the UTC alias with timezone.utc as it is not available in all versions of the datetime package.

[ArtyomVancyan]

@Scurrra, you requested me a review, but I requested a few changes before merging (you shouldn't click "Resolve", you should do "Commit suggestion"). I will wait for your update. Also, I didn't get what was wrong with the old datetime.utcnow(). Isn't that the same as what you suggested (datetime.now(UTC))?

[Scurrra]

you should do "Commit suggestion"

My bad, sorry.

datetime.utcnow() will be deprecated.

[Scurrra]

I don't know is it my fault or not, but playground is broken.

Probably this is because of troubles with OAUTH2_GITHUB_CLIENT_ID in playground, which wasn't affected by me.

Update: same with github auth option.

[ArtyomVancyan]

It was a missdeployment issue, I have fixed it. Thanks for letting me know. Also, it could not be your fault, as these changes haven't been released yet :)