I pretty much rely on the public roadmap, like everyone else:
Clicking through to the Trello board, we are aware this is possible with Connect but not Forge; hence, “User impersonation for Connect-on-Forge apps” for “Future” (no estimated date but looks like a quarter or more). Hopefully, that gives us the primitive you need.
That said, there’s a lot more to your scenario. I wonder if what you want to do could be accomplished some other way. Specifically, the Forge auth docs explain:
The
asApp()function authenticates with the Atlassian products using a system user dedicated to your app. The system user is only a member of the default user group. This means the system user is not able to access private data such as Jira projects or Confluence spaces that are not visible to the default user group.
Have you tried manually managing that app-specific user’s permissions? I would start with just seeing what is possible in the UI before trying to get the App to escalate it’s own permissions, which is unlikely to be possible now. Indeed, I think this is the critical leg of your problem, not so much the user impersonation. Generally, I think our security team would frown on the kind of escalation you are suggesting your App needs.