Comment 1 for bug 1208639

Revision history for this message
Dolph Mathews (dolph) wrote :

This implies that a v2 API user must have v3 domain-level authorization.

> if the server is V3 enabled and requires a domain token, there is no way for a V2 client to get a domain token

correct

> when a V2 server requires a domain token

a v2-aware service would have no knowledge of domains, anyway

> when a V2 server requires a domain token, it presumably wants a token that is not bound to a particular project; that is exactly what an unscoped token is in V2

a domain-scoped token is a completely discrete concept from a project-scoped token, so this expectation would be invalid. further, unscoped tokens in v2 are analogous to unscoped token in v3, not to any other scoping concept in v3