4.1.0

• Allow JWT type to be things besides refresh or access (#401). Any type that is not refresh will be considered an access token. Thanks @sambonner for the PR!
• Allow locations kwarg for jwt_required() to be a string (#394)
• Minor documentation improvements