From 2e301857af7662520576133bbcde5ea9fa153a56 Mon Sep 17 00:00:00 2001
From: Stephen Finucane <stephenfin@redhat.com>
Date: Thu, 29 May 2025 19:08:18 +0100
Subject: [PATCH] docs: Add note about scoping on tokens

Change-Id: I4df74eaa1aa82fb8666bc1e6728b55a3e81bc76a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
---
 doc/source/cli/authentication.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/source/cli/authentication.rst b/doc/source/cli/authentication.rst
index 8ed318f526..8c09fc3648 100644
--- a/doc/source/cli/authentication.rst
+++ b/doc/source/cli/authentication.rst
@@ -295,6 +295,15 @@ or, using environment variables:
 
        $ TOKEN=$(openstack token issue -f value -c id)
 
+.. note::
+
+    The above examples assume you require a project-scoped token. You can omit
+    the project-related configuration if your user has a default project ID set.
+    Conversely, if requesting domain-scoped or system-scoped, you should update
+    these examples accordingly. If the user does not have a default project
+    configured and no scoping information is provided, the resulting token will
+    be unscoped.
+
 ``v3totp``
 ~~~~~~~~~~