Description
Before Symfony 5.3, I had a listener that listened to requests and checked each time whether the roles of the authenticated user had changed, in which case it refreshed their token.
This allowed the user to automatically benefit from their new features if their role were to change (something which can happen very often in my application).
I implemented it like this:
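    use App\Entity\User; // assumed location of the application's User entity
    use Symfony\Component\EventDispatcher\EventSubscriberInterface;
    use Symfony\Component\HttpKernel\Event\RequestEvent;
    use Symfony\Component\HttpKernel\KernelEvents;
    use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
    use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;

    class RequestSubscriber implements EventSubscriberInterface
    {
        public function __construct(
            private TokenStorageInterface $tokenStorage,
        ) {
        }

        public static function getSubscribedEvents(): array
        {
            return [
                KernelEvents::REQUEST => 'onRequest',
            ];
        }

        public function onRequest(RequestEvent $event): void
        {
            // Sub-requests share the main request's token, so skip them.
            if (!$event->isMainRequest()) {
                return;
            }

            // No token means nobody is authenticated on this request.
            if (!$token = $this->tokenStorage->getToken()) {
                return;
            }

            $sessionUser = $token->getUser();
            if ($sessionUser instanceof User) {
                // Rebuild the token on the 'main' firewall with the user's current roles.
                $this->tokenStorage->setToken(new PostAuthenticationGuardToken($sessionUser, 'main', $sessionUser->getRoles()));
            }
        }
    }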
But since Symfony 5.3, we have to use the new authenticator, which gives me a deprecation:
User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken" class is deprecated, use the new authenticator system instead.
This is because of this line:
$this->tokenStorage->setToken(new PostAuthenticationGuardToken($sessionUser, 'main', $sessionUser->getRoles()));
But there is no indication telling us which class to use to refresh the token with the new authenticator.
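
One way to write the same subscriber against the authenticator system, as an added example that is not part of the original post or of Symfony's own code. It assumes `PostAuthenticationToken` from symfony/security-http (a class the post does not name), the `App\Entity\User` location and the hypothetical class name `RoleRefreshSubscriber`; the firewall name `'main'` is taken from the post. Unlike the listener above, it replaces the token only when the role set actually differs.

```php
<?php

namespace App\EventSubscriber;

use App\Entity\User; // assumed location of the application's User entity
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;

// Hypothetical subscriber name; 'main' is the firewall name used in the post.
final class RoleRefreshSubscriber implements EventSubscriberInterface
{
    public function __construct(
        private TokenStorageInterface $tokenStorage,
    ) {
    }

    public static function getSubscribedEvents(): array
    {
        return [KernelEvents::REQUEST => 'onRequest'];
    }

    public function onRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }
        $token = $this->tokenStorage->getToken();
        $user = $token?->getUser();
        if (!$user instanceof User) {
            return; // anonymous request or a different user class
        }

        // Compare role sets order-independently so the token is only
        // replaced when a role was actually granted or revoked.
        $current = array_unique($user->getRoles());
        $inToken = array_unique($token->getRoleNames());
        sort($current);
        sort($inToken);
        if ($current === $inToken) {
            return;
        }

        // Token class of the authenticator system: user, firewall name, roles.
        $this->tokenStorage->setToken(new PostAuthenticationToken($user, 'main', $current));
    }
}
```

This replaces whatever token type was in storage, so a `SwitchUserToken` or `RememberMeToken` would lose its type-specific state; skip those token types if impersonation or remember-me information must be preserved.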