Can an app use both user auth and app auth?

I am looking at writing an app (external webapp that uses the Box APIs) that allows a user to authorise the app to access their Box account, then perform some actions on their Box account's files through our app; then some other actions are kicked off that are performed by a service account.

https://docs.box.com/docs/authentication says "Box offers two types of authentication. You must choose one or the other in order to use the Box REST API. The correct choice depends on the type of application you're building. ... OAuth 2 [and] OAuth 2 with JSON Web Token".

So does this mean I'll need 2 apps registered in Box for this work? One that is set to use user auth (three-legged OAuth) to authenticate the user using OAuth and to perform the user's actions using a user access token, and a second one that use set to use app auth (OAuth with JWT) to perform the actions as the service account?