Fernet isn't an algorithm. It's a user-proof library for doing authenticated AES encryption; it is essentially Python's answer to Rails' MessageEncryptor, and has had more success than MessageEncryptor at becoming a standard for its ecosystem.
The real lesson here though: don't get cryptography advice from SANS. Cryptography is a specialized field; SANS is pretty close to the opposite of that.
Yep, it's a wrapper around some cryptographic primitives that is fairly misuse-resistant. It's not hard to screw up using the individual primitives in such a way that you lose the desirable cryptographic properties (for example, not authenticating the IV, making the plaintext vulnerable to CBC bitflip attacks); it's harder to screw up using Fernet.
When would someone use this over libsodium(Or libhydrogen? Is that considered secure yet?)? It seems python-specific. I love python, but I'm a fan of universal standards.
Not sure the linked project is the up to date one.
I regularly use the 'cryptography' package that has a 'Fernet' object in 'cryptography.fernet'.
And it is in cryptography so I trust they maintain it at least a bare minimum.
It is an amazing blackbox that assures me I can just provide a key and a ciphertext and rest easy that my data is correctly decrypted and autehnticated !
The real lesson here though: don't get cryptography advice from SANS. Cryptography is a specialized field; SANS is pretty close to the opposite of that.