Comment 5 for bug 1484237

Lance Bragstad (lbragstad) wrote :

Doing a little more investigation, and I seem to be hitting something with revocation_events.

When the script executes as expected, I get a token from Keystone, delete the token, and the GET on that token returns a 404 Not Found, and a new revocation event is added to the revocation_event table.

When the script doesn't execute as expected, and the deleted token is still validated by Keystone, no revocation events are added to the Keystone table. I think this probably has more to do with revocation events not working properly than Fernet, but since Fernet tokens have to rely on the revocation API, it would directly affect it.

This will require a deeper investigation of revocation events.