Difference between context methods

I was going through the two context methods for the Product Authentication API that is asApp() and asUser(). I have read the docs but I can’t actually figure what’s the difference between the two?

In the documentation, it is mentioned that if I am providing the required permissions, the request will work correctly because asApp() will fetch the permissions via the manifest file. Is it because of the fact that if we have defined some permissions in the manifest.yml file, then at the time of loading the app for the first time, the user has to grant access to the required resources.

The above scenario seems to be the most ideal one, then why do someone has to use asUser()? And if someone uses it, then what is the authorization flow?

Say, I want to get the paginated results of the JIRA projects and have defined the required permission in the scopes section of the manifest file. Do we have to define the permissions if we are only using asApp() because if even after using asUser(), the user is prompted for granting the permissions at the initial run, then what is the difference between both of the context methods?

In the examples of the cloud APIs for the various Atlassian products that can be integrated with Forge Apps using Bridge (Jira and confluence are the only options), there are example Forge requests provided after each endpoint. In there, mostly everywhere asUser() method is used. Is there any specific reason behind that? And I have seen examples in which for the same REST API endpoints,asApp() is used. Why is that?

Waiting for the team’s response so that the things can get clearer for me

asApp makes a call as the app user where as asUser makes the call as the current logged in user using the app. Preference should be to make the call as asUser since the app may have access to less/more than the current user.

There are a few rare cases where you need to use asApp (such as when the you’re doing a scheduled task and there is no user interacting with the app).