So, the reason for my problem is that in the UpdateUserCommandHandler class, I update the user, including their UserName, which in the Identity database is literally a copy of the Email column. Digging into how the login endpoint works (which comes from Identity), I discovered that the login process searches for the user by their UserName rather than their Email: documentation.

This is very misleading when using Swagger because the "example value" suggests entering an email address, which is confusing. By default, if no changes are made to the user, the UserName indeed receives the email address as a copy of Email. However, since I update the UserName, entering the email address during login results in a 401 Unauthorized error. On the other hand, when I use the user's UserName for login, everything works correctly.