Issue Summary

When using the /rest/api/2/user endpoint in the Forge app to create users, the users are being created in a suspended status. This happens using both asApp() method or appUserToken.

Steps to Reproduce

• Create a Forge app
• Use the below-mentioned sample code in the resolver :

  import Resolver from '@forge/resolver';
  import api, {route} from "@forge/api";const resolver = new Resolver();resolver.define('getText', async(req) => {
    console.log(req);
    var bodyData = `{
    "emailAddress": "mia@atlassian.com",
    "products": [
      "jira-software"
    ]}`;
    const response = await api.asApp().requestJira(route`/rest/api/2/user`, {
      method: 'POST',
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/json'
      },
      body: bodyData
    });
    const data = await response.json();
    console.log(JSON.stringify(data));  
  });export const handler = resolver.getDefinitions(); 

• Run the app, and it creates a user with suspended.

Expected Results

• The request should return a 403 Forbidden error.

• The documentation needs to be corrected, as only site/org administrators can create users, and currently, there is no way to make an app user a site/org administrator.
• It should be clearly stated that the API is not designed to be used with Forge and Connect apps.

Actual Results

• The user is created but in a deactivated status, as shown below

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available