Macaroons, like cookies, are a form of bearer credential.
Unlike opaque tokens, macaroons embed caveats that define
specific authorization requirements for the target service,
the service that issued the root macaroon and which is
capable of verifying the integrity of macaroons it recieves.
Macaroons allow for delegation and attenuation of authorization.
They are simple and fast to verify, and decouple authorization policy
from the enforcement of that policy.
This is a Python implementation of Macaroons.