Is `PUT .../update-branch` not callable using GitHub App's token?

I’m developing a private GitHub App in our organization. I want to call PUT https://api.github.com/repos/{ORG}/{REPO}/pulls/{PR_NUMBER}/update-branch using the app’s token, but the endpoint returns an error response:

```json
{
  "message": "user doesn't have permission to update head repository",
  "documentation_url": "https://docs.github.com/rest/reference/pulls#update-a-pull-request-branch"
}
```

I’ve confirmed our GitHub App has permissions to read/write our repository’s pull-requests and contents. I’m guessing the endpoint is not callable using GitHub App’s tokens.

Does anyone have any knowledge about this?

Thanks.

How to reproduce

  1. Generate JWT using GitHub App’s private key

```ruby
require 'openssl'
require 'jwt'  # https://rubygems.org/gems/jwt

# Private key contents
private_pem = File.read("PATH_TO_PEM")
private_key = OpenSSL::PKey::RSA.new(private_pem)

# Generate the JWT
payload = {
  # issued at time, 60 seconds in the past to allow for clock drift
  iat: Time.now.to_i - 60,
  # JWT expiration time (10 minute maximum)
  exp: Time.now.to_i + (10 * 60),
  # GitHub App's identifier
  iss: "YOUR_APP_ID"
}

jwt = JWT.encode(payload, private_key, "RS256")
puts jwt
```

  2. Get an access token

```sh
curl --request POST \
  --url https://api.github.com/app/installations/:installation_id/access_tokens \
  --header 'Accept: application/vnd.github.v3+json' \
  --header 'Authorization: Bearer {JWT}'
```

  3. Call update-branch API

```sh
curl --request PUT \
  --url https://api.github.com/repos/:org/:repo/pulls/:pr_number/update-branch \
  --header 'Accept: application/vnd.github.v3+json' \
  --header 'Authorization: Bearer {ACCESS_TOKEN}'
```

It would get an error:

```json
{
  "message": "user doesn't have permission to update head repository",
  "documentation_url": "https://docs.github.com/rest/reference/pulls#update-a-pull-request-branch"
}
```
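
Added example, not part of the original post: a Ruby check over the two JSON responses involved here, the installation access token response from step 2 and the pull request object from `GET /repos/:org/:repo/pulls/:pr_number`, reporting the permissions the token actually carries and whether the PR head branch lives in a different repository than the base. The function name, sample payloads and repository names are constructed for illustration, and the check does not establish the cause of the error above.

```ruby
require 'json'

# Permissions the post says the app was granted (read/write on both).
REQUIRED = { 'contents' => 'write', 'pull_requests' => 'write' }.freeze

# token_json: body of POST /app/installations/:installation_id/access_tokens
# pr_json:    body of GET  /repos/:org/:repo/pulls/:pr_number
# Returns a list of findings; an empty list means nothing stood out.
def diagnose_update_branch(token_json, pr_json)
  token = JSON.parse(token_json)
  pr = JSON.parse(pr_json)
  findings = []

  granted = token.fetch('permissions', {})
  REQUIRED.each do |name, level|
    have = granted[name]
    findings << "token has #{name}=#{have.inspect}, wanted #{level}" unless have == level
  end

  head_repo = pr.dig('head', 'repo', 'full_name') # nil if the head repo was deleted
  base_repo = pr.dig('base', 'repo', 'full_name')
  if head_repo.nil?
    findings << 'head repository is missing from the PR payload'
  elsif head_repo != base_repo
    findings << "head branch lives in #{head_repo}, not #{base_repo}"
  end

  # When the token response lists its repositories, check the head repo is among them.
  if token['repositories'] && head_repo
    covered = token['repositories'].map { |r| r['full_name'] }
    findings << "token does not cover #{head_repo}" unless covered.include?(head_repo)
  end
  findings
end

# Constructed sample payloads (not real API output), trimmed to the fields used.
SAMPLE_TOKEN = <<~JSON
  {"token": "PLACEHOLDER", "repository_selection": "selected",
   "permissions": {"contents": "write", "pull_requests": "write"},
   "repositories": [{"full_name": "example-org/example-repo"}]}
JSON
SAMPLE_PR = <<~JSON
  {"head": {"repo": {"full_name": "some-user/example-repo"}},
   "base": {"repo": {"full_name": "example-org/example-repo"}}}
JSON

puts diagnose_update_branch(SAMPLE_TOKEN, SAMPLE_PR) if __FILE__ == $PROGRAM_NAME
```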