← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1491926] [NEW] Remove padding from Fernet tokens

 

Public bug reported:

In bug 1433372, we determined that we should percent encode Fernet
tokens, because the padding characters (=) aren't considered URL safe by
some RFCs.

We also fail some tempest tests because clients sometimes decode or
encode responses [0]. We should just remove the padding, that way
clients don't have to worry about it. When we go to validate a token, we
can determine what the padding is based on the length of the token:

missing_padding = 4 - len(token) % 4
if missing_padding:
    token += b'=' * missing_padding

[0] http://cdn.pasteraw.com/es3j52dpfgem4nom62e7vktk7g5u2j1

** Affects: keystone
     Importance: Undecided
     Assignee: Tom Cocozzello (tjcocozz)
         Status: New


** Tags: fernet

** Tags added: fernet

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1491926

Title:
  Remove padding from Fernet tokens

Status in Keystone:
  New

Bug description:
  In bug 1433372, we determined that we should percent encode Fernet
  tokens, because the padding characters (=) aren't considered URL safe
  by some RFCs.

  We also fail some tempest tests because clients sometimes decode or
  encode responses [0]. We should just remove the padding, that way
  clients don't have to worry about it. When we go to validate a token,
  we can determine what the padding is based on the length of the token:

  missing_padding = 4 - len(token) % 4
  if missing_padding:
      token += b'=' * missing_padding

  [0] http://cdn.pasteraw.com/es3j52dpfgem4nom62e7vktk7g5u2j1

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1491926/+subscriptions


Follow ups