
What is the recommended way of reloading roles after login? #14665

Closed
@ThePeterMick


It'd be good to see what the recommended way to reload user roles after login is; this is very likely a common scenario that Symfony developers would be looking for.

Scenario:

  1. John logs in with ROLE_USER
  2. Jane, the "Super Admin", adds ROLE_ADMIN to John's account
  3. John refreshes the page, and sees that he is an admin now (without a logout).

Scenario 2:

  1. Jane logs in
  2. Jane upgrades her account, ROLE_SUBSCRIBER
  3. Jane has new roles on her account without a logout

Potential solution for scenario 1: have a custom isEqualTo on the user entity that does not check getRoles() (so that it doesn't cause a logout due to the now-default behaviour) AND set an onCoreController listener that re-authenticates with the user that has the updated roles (triggered by comparing a property such as updatedAt or similar):

```php
// $user is the reloaded entity carrying the new roles; $providerKey is the firewall name
$token = $loginFormAuthenticator->createAuthenticatedToken($user, $providerKey);
$guardAuthenticatorHandler->authenticateWithToken($token, $request, $providerKey);
```

Potential solution for scenario 2: post-upgrade of the account, in the same action, re-authenticate again using Guard with the code above (I've tested it and the new role will appear).

Page: https://github.com/symfony/symfony-docs/blob/5.x/security.rst

A real-world example: Spotify is apparently made in Symfony, and after upgrading to Premium, they do not ask you to log back in.

Thanks,
Peter
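The listener-based refresh sketched for scenario 1, written out as an added example that is not code from the issue or from Symfony: a trait for the User entity whose isEqualTo ignores roles, and a kernel.controller subscriber that rebuilds the Guard token whenever the roles frozen in the session token differ from the roles just loaded from the database (a role comparison is used here instead of the updatedAt comparison the post mentions). Assumed: Symfony 5.x with the Guard component on PHP 8, an App\Security\LoginFormAuthenticator class, and a firewall named main.

```php
<?php
// Added illustration, not code from the issue or from Symfony itself; assumes Symfony 5.x with Guard on PHP 8.
use App\Security\LoginFormAuthenticator; // assumed: the application's Guard authenticator
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
// Part 1, for the User entity (implements UserInterface and EquatableInterface): roles are left out so a
// role change does not force a logout; the password hash stays in so a password change still logs out.
trait RoleInsensitiveEquality
{
    public function isEqualTo(UserInterface $user): bool
    {
        return $user->getUsername() === $this->getUsername() && $user->getPassword() === $this->getPassword();
    }
}
// Part 2: before each controller, compare the roles frozen in the session token at login with the roles
// just reloaded from the database; on any difference (role added or removed) rebuild the token as the
// snippet in the issue does, so the new token is built from the current user object.
final class RefreshRolesSubscriber implements EventSubscriberInterface
{
    public function __construct(
        private TokenStorageInterface $tokenStorage,
        private LoginFormAuthenticator $authenticator,
        private GuardAuthenticatorHandler $guardHandler
    ) {}
    public static function getSubscribedEvents(): array
    {
        return [KernelEvents::CONTROLLER => 'onKernelController'];
    }
    public function onKernelController(ControllerEvent $event): void
    {
        $token = $this->tokenStorage->getToken();
        $user = $token ? $token->getUser() : null;
        // Skip sub-requests, anonymous users and impersonation (SwitchUserToken carries ROLE_PREVIOUS_ADMIN).
        if (!$event->isMasterRequest() || $token instanceof SwitchUserToken || !$user instanceof UserInterface) {
            return;
        }
        $tokenRoles = $token->getRoleNames();   // roles as they were when the token was created at login
        $currentRoles = $user->getRoles();       // roles as the user provider loaded them for this request
        sort($tokenRoles); sort($currentRoles);
        if ($tokenRoles === $currentRoles) {
            return;
        }
        $fresh = $this->authenticator->createAuthenticatedToken($user, 'main'); // 'main': assumed firewall name
        $this->guardHandler->authenticateWithToken($fresh, $event->getRequest(), 'main');
    }
}
```

Register the subscriber as a service with autowiring and add `use RoleInsensitiveEquality;` to the User entity; because authenticateWithToken dispatches the interactive-login event, any login listeners run again on each refresh.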
