Any endpoint that requires authorization must use a Bearer token and nothing else. This is due to the fact that you are making requests on behalf of a user, and since App Access Tokens don’t reflect user credentials they cannot be used in lieu of them.
If you hit the /users endpoint with no query parameters, the API assumes you are requesting information for the user associated with the Bearer token. As such, if you don’t provide a Bearer token without requesting specific user-ids, it will give you an error.
Since you are performing an operation on behalf of a user which requires authorization, you need to provide a Bearer token with the appropriate scopes. If you are still getting status 500, something might be borked on Twitch’s end.