I’ve successfully set up the SSO integration with Okta in Temporal Web and added custom logic in authorizer and claim mapper. But for internal traffic like from other services to the frontend service, the incoming requests do not carry any auth headers by default. How to embed token/credential into such cluster internal requests then? Or how to tell if the request is from cluster inside or outside? I noticed that tctl allows to pass in token via environment variable but not sure for other scenarios. Thanks a lot!