Return JWT in response body and as cookie

[mattbodman]

I have a legacy api which uses Pyramid remember/forget with auth_tkt. I now need to also use this api to authenticate users using JWT. Thanks to your module, I have converted the legacy app to use JWT with cookies and it works great. However, the new app requires me to extract the JWT somehow and pass it to a subsequent auth system. I cannot access the JWT on the client from the cookie because it is secure. So I'm wondering if it's possible to return the JWT in the response body (as well as in the cookie). Is that possible?