Meaningless replacing of slashes with dashes in PKI tokens

I completely agree - the methods doing the string manipulation don't give any clue behind the behavior either.

It's actually being done to ensure URL-safety, despite the existing presence of and lack of compatibility with the base64 module's URL-safe builtin methods:

  https://docs.python.org/2/library/base64.html#base64.urlsafe_b64encode

Yes, that incompatibility is the strangest thing to me

Unfortunately, we are stuck with it; changing it would break the working assumptions between Keystone server and client. I made that conversion as a simple way to get the Tokens to marshall via HTTP, and was guilty of not doing my homework. The newer PKIZ token format uses the Python base64 module to perform the url safe encoding. This is the version of tokens that wer are moving toward making standard, and removing the non-compressed, improperly base64 encoded version.

My main point was that it makes sense to make it at least properly documented (unlit PKI tokens get deprecated) as the line "signed_text = signed_text.replace('/', '-')" in keystoneclient.common.cms.cms_to_token looks like some arbitrary replacement.

+1 for documenting the behavior, along with pretty much everything else in keystoneclient.common.cms

Fix proposed to branch: master
Review: https://review.openstack.org/176230

Reviewed: https://review.openstack.org/176230
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=d5a39ad14a7505b86df1818fa01abb4225b1be43
Submitter: Jenkins
Branch: master

commit d5a39ad14a7505b86df1818fa01abb4225b1be43
Author: Deepti Ramakrishna <email address hidden>
Date: Tue Apr 21 21:56:25 2015 -0700

    Document non-standard encoding of the PKI token.

    More details by the code author in his blog post at
    http://adam.younglogic.com/2014/02/compressed-tokens/.

    Change-Id: I35c5eca2e04a74236bd8c7fb6daab3ea46b59b0e
    Closes-Bug: #1352314