This function should only be used from public controller methods where no
existing session exists, for example, when loolwsd is directly calling a
public method with its own access token. After validating the access
token, and retrieving the correct user with help of access token, it can
be set as current user with help of this method.