This implies that a v2 API user must have v3 domain-level authorization.
> if the server is V3 enabled and requires a domain token, there is no way for a V2 client to get a domain token
correct
> when a V2 server requires a domain token
a v2-aware service would have no knowledge of domains, anyway
> when a V2 server requires a domain token, it presumably wants a token that is not bound to a particular project; that is exactly what an unscoped token is in V2
a domain-scoped token is a completely discrete concept from a project-scoped token, so this expectation would be invalid. further, unscoped tokens in v2 are analogous to unscoped tokens in v3, not to any other scoping concept in v3