Fernet tokens all start with a plaintext string of either "F00" or "F01" indicating either "version 0" (normal unscoped and scoped tokens) or "version 1" (trust-based tokens). That versioning lies outside of the integrity-verified portion of the token, and is thus susceptible to manipulation by end users.
With only two token versions, this doesn't present any issues that I'm aware of, but to harden ourselves against the future, we should move that versioning information into the integrity-verified portion of the message. Otherwise, we carry a risk of future implementations inadvertently introducing privilege escalation vulnerabilities, a means for end users to disable authorization checks by supplying older versions, etc.
In addition, the format prefix was originally intended to make it easier for remote clients (keystonemiddleware.auth_token) to parse apart and validate tokens without going back to talk to Keystone. Since that's not the plan here (Fernet tokens must be validated with Keystone, since that's the only place where the encryption keys are accessible), the entire format prefix ("F00" / "F01") can be dropped, as long as Keystone can still validate the tokens it's issuing.
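To make the point concrete, here is an added illustration (not Keystone's code) of the two layouts the report contrasts: a version prefix that sits outside the integrity-checked bytes versus a version field carried inside them. It stands in for Fernet with a stdlib HMAC-SHA256 tag over a JSON body (Fernet also encrypts, which does not change the argument) and uses a constructed demo key.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real Keystone deployment reads its Fernet keys from the key repository.
KEY = b"constructed-demo-key-not-for-real-use"
TAG_LEN = 32  # SHA-256 output length


def mac(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).digest()


def issue_legacy(version: str, payload: dict) -> str:
    """Layout the report describes: plaintext "F00"/"F01" prefix outside the MAC."""
    body = json.dumps(payload, sort_keys=True).encode()
    return version + base64.urlsafe_b64encode(body + mac(body)).decode()


def validate_legacy(token: str):
    """Returns (version, payload) or None. The prefix is trusted but never checked."""
    version, raw = token[:3], base64.urlsafe_b64decode(token[3:])
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    return (version, json.loads(body)) if hmac.compare_digest(tag, mac(body)) else None


def issue_hardened(version: str, payload: dict) -> str:
    """Proposed layout: the version is a field inside the MAC'd body, no prefix at all."""
    body = json.dumps(dict(payload, version=version), sort_keys=True).encode()
    return base64.urlsafe_b64encode(body + mac(body)).decode()


def validate_hardened(token: str):
    raw = base64.urlsafe_b64decode(token)
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(body)):
        return None
    payload = json.loads(body)
    return payload["version"], payload


def swap_version_legacy(token: str, new_version: str) -> str:
    """Rewriting the plaintext prefix needs no key, and validation cannot tell."""
    return new_version + token[3:]


def swap_version_hardened(token: str, new_version: str) -> str:
    """With the version inside the body, changing it means editing MAC'd bytes."""
    raw = base64.urlsafe_b64decode(token)
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    payload = dict(json.loads(body), version=new_version)
    return base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode() + tag).decode()
```

Run the two `swap_version_*` helpers against freshly issued tokens: the legacy validator accepts the rewritten version, the hardened one rejects it because the tag no longer matches.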
Fix proposed to branch: master
Review: https://review.openstack.org/162031