I'm new to this API so bear with me, but currently I'm using the example node.js code from the documentation to test getting user authorization codes. When I run the example code I successfully receive an access and refresh token, however when I try to make a /me/top/artists request I get a 403 Forbidden response. I've tried it with two different accounts, each in my User Management dashboard, to no avail. Below is the JS from the example showing how I formatted my scopes, incase there is an error. I've also included the python attempting to make the request, which has worked for me with non-user requests fine.

app.get('/login', function(req, res) {

  var state = generateRandomString(16);
  res.cookie(stateKey, state);

  // your application requests authorization
  var scope = 'user-read-private user-read-email';
  res.redirect('https://accounts.spotify.com/authorize?' +
    querystring.stringify({
      response_type: 'code',
      client_id: client_id,
      scope: 'user-read-private playlist-read-private playlist-read-collaborative user-top-read user-read-recently-played',
      redirect_uri: redirect_uri,
      state: state
    }));
});

def topPicks(time_range: str, limit: str):
    print(token)
    url = 'https://api.spotify.com/v1/me/top/artists?time_range=' + time_range + '&limit=' + limit + '&offset=0'
    auth = 'Bearer ' + token
    headers = {'Authorization': auth}
    r = requests.get(url, headers=headers)