Comment 0 for bug 1433372

The safe_quote() method, which happens unconditionally on verify_token in keystone auth_token middleware, doesn't seem to work when being used with Fernet, PKI, or PKIz tokens [1]. This method modifies the token [2] before passing it to Keystone, and in the Fernet case, the token_formatter is unable to decrypt the token. This is not apparent with UUID formatted tokens because they are UUID safe, given uuid.uuid4().hex.

[1] https://github.com/openstack/keystonemiddleware/blob/d436ec737a4ecfe653d934c6f4a71f411b7f9cc2/keystonemiddleware/auth_token/_utils.py#L16-L18
[2] http://cdn.pasteraw.com/5q54as6rz3ifmj1vpj1rsoisuoxpb91