To access the user settings endpoints, an access token issued by your IdentityServer implementation with the scope admin_ui_public.

This access token must have been issued on behalf of a user and contain a sub claim.

Authorization Rules

In order to use the user settings endpoints, the requesting user, must be the same as the users being updated. Otherwise, a 403 Forbidden will be returned.

This is matched using the sub claim issued within the requesting access token.