Comment 18 for bug 1577558

I don't think this impacts liberty because in liberty the fernet provider was technically still it's *own* provider. When Fernet tokens were originally introduced, the provider inherited the BaseProvider class from keystone.token.providers.common.py but it overrode a lot of the methods provided because it needed to do specific things [0]. This resulted in differences in the token responses depending on if the token being validated was a fernet token or a uuid token. One of the top priorities for the Mitaka release was to consolidate the duplicated methods in the Fernet provider into the BaseProvider. This is where the bug comes from because the Fernet provider had to use a couple hooks in order to pull the attributes needed out of the v2 token request. The logic that pulled the attributes was wrong about audit_ids and it wasn't tested against v2.

I'll pull down the latest liberty branch and test this locally.

[0] https://github.com/openstack/keystone/blob/stable/liberty/keystone/token/providers/fernet/core.py#L41