Scopes
To access the user settings endpoints, an access token issued by your IdentityServer implementation with the scope admin_ui_public
.
This access token must have been issued on behalf of a user and contain a sub
claim.
Authorization Rules
In order to use the user settings endpoints, the requesting user, must be the same as the users being updated. Otherwise, a 403 Forbidden
will be returned.
This is matched using the sub
claim issued within the requesting access token.
Read
To see what claims a user can edit, and their current values, you can call GET on the /UserSettings/{subject}
endpoint.
This will return the following json:
"subject": "string",
"claims":
"type": "string",
"value": "string"
Update
To update a users claims, you can call PUT on the /UserSettings
endpoint.
"subject": "string",
"claims":
"type": "string",
"value": "string"