To access the user settings endpoints, an access token issued by your IdentityServer implementation with the scope admin_ui_public
.
This access token must have been issued on behalf of a user and contain a sub
claim.
In order to use the user settings endpoints, the requesting user, must be the same as the users being updated. Otherwise, a 403 Forbidden
will be returned.
This is matched using the sub
claim issued within the requesting access token.