Ability to choose between username- or email- based auth
Add option to set the JWT token argument name for the url (not always 'jwt', may be 'token', etc)
See Keyword Research - Moderately Critical - Cross Site Request Forgery (CSRF) - DRUPAL-SA-CONTRIB-2015-098
#622782: Text for custom theme says "Enter the numbers you hear"#1168740: Disable 3rd-party cookies in reCAPTCHA
Drupal is a registered trademark of Dries Buytaert.