Yep, it's a wrapper around some cryptographic primitives that is fairly misuse-resistant. It's not hard to screw up using the individual primitives in such a way that you lose the desirable cryptographic properties (for example, not authenticating the IV, making the plaintext vulnerable to CBC bitflip attacks); it's harder to screw up using Fernet.
It's just a simple format specification using standard crypto primitives.
> AES in CBC mode with a 128-bit key for encryption; using PKCS7 padding.
> HMAC using SHA256 for authentication.