Using flask-login request_loader, we can validate jwt tokens.
This allows to use the same decorators for the web UI (using cookies)
and the API (using JWT) as well as the current_user local proxy.