To access the user settings endpoints, an access token issued by your IdentityServer implementation with the scope
This access token must have been issued on behalf of a user and contain a
In order to use the user settings endpoints, the requesting user, must be the same as the users being updated. Otherwise, a
403 Forbidden will be returned.
This is matched using the
sub claim issued within the requesting access token.