I agree with Dolphm - the design is that either you need a domain-scoped token or you need to explicitly provide a domain as a parameter.....both of which will, of course, be checked against policy
I agree with Dolphm - the design is that either you need a domain-scoped token or you need to explicitly provide a domain as a parameter.....both of which will, of course, be checked against policy