is it a best practice to allow the update of user info user an access token obtained by a client in a client_credentials grant_type ? or it should a user\'s one ?
in
