Quick question about division scoping. We’re running k6 load tests against multiple BPO tenants. I need the OAuth client restricted to specific divisions, but the token endpoint ignores the division_id in the payload.
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
client_id=...&client_secret=...&grant_type=client_credentials&division_id=abc123
400 Bad Request: Invalid parameter: division_id
Is there a header I’m missing, or do I have to rotate tokens per division?