The safe_quote() method, which happens unconditionally on verify_token in keystone auth_token middleware, doesn't seem to work when being used with Fernet, PKI, or PKIz tokens [1]. This method modifies the token [2] before passing it to Keystone, and in the Fernet case, the token_formatter is unable to decrypt the token. This is not apparent with UUID formatted tokens because they are UUID safe, given uuid.uuid4().hex.
The safe_quote() method, which happens unconditionally on verify_token in keystone auth_token middleware, doesn't seem to work when being used with Fernet, PKI, or PKIz tokens [1]. This method modifies the token [2] before passing it to Keystone, and in the Fernet case, the token_formatter is unable to decrypt the token. This is not apparent with UUID formatted tokens because they are UUID safe, given uuid.uuid4().hex.
[1] https:/ /github. com/openstack/ keystonemiddlew are/blob/ d436ec737a4ecfe 653d934c6f4a71f 411b7f9cc2/ keystonemiddlew are/auth_ token/_ utils.py# L16-L18 cdn.pasteraw. com/5q54as6rz3i fmj1vpj1rsoisuo xpb91
[2] http://