Hi,
In a plain oauth2Login() application (keycloak as IDP for example), after https://github.com/spring-projects/spring-security/pull/16589 has been implemented, consider the following example :
```java
@PostMapping("/fast")
public Map<String, Object> getOidcUserPrincipal(@AuthenticationPrincipal OidcUser principal1) {
    // principal2 is read from the SecurityContext rather than injected by the argument resolver
    var principal2 = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    return principal1.getClaims();
}
```
Once the OidcUserRefreshedEventListener#onApplicationEvent has been triggered, it's already too late for the AuthenticationPrincipalArgumentResolver to get the updated value, as it's not aware of the OidcUserRefreshedEvent.
So in the example above, with a very short Access Token Lifespan (let's say 2 minutes), principal1 might get the "before" refresh ID Token, whereas principal2 has the up-to-date value.
Shoot the endpoint before the refresh happens, values are in sync, wait a little, they are out-of-sync and so on.
Hope this is clear.
Thanks
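One way to observe the mismatch the report describes, as an added example that is not the reporter's code nor part of Spring Security: a diagnostic endpoint that compares the ID token of the injected principal with the one held in the SecurityContext. The controller name, endpoint path and response keys are assumptions; the OidcUser and OidcIdToken accessors are standard Spring Security API.

```java
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller (added example): reports whether the two principal sources agree.
@RestController
public class PrincipalConsistencyController {

    @GetMapping("/principal-check")
    public Map<String, Object> check(@AuthenticationPrincipal OidcUser injected) {
        Object fromContext = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        Map<String, Object> out = new LinkedHashMap<>();

        if (!(fromContext instanceof OidcUser contextUser)) {
            out.put("inSync", false);
            out.put("reason", "SecurityContext principal is not an OidcUser");
            return out;
        }

        OidcIdToken injectedToken = injected.getIdToken();
        OidcIdToken contextToken = contextUser.getIdToken();

        // Same raw ID token value means the argument resolver and the context agree;
        // after a refresh the context holds the new token while the injected one is stale.
        boolean sameToken = Objects.equals(injectedToken.getTokenValue(), contextToken.getTokenValue());
        out.put("inSync", sameToken);
        out.put("injectedIssuedAt", injectedToken.getIssuedAt());
        out.put("contextIssuedAt", contextToken.getIssuedAt());
        out.put("injectedExpiresAt", injectedToken.getExpiresAt());
        out.put("contextExpiresAt", contextToken.getExpiresAt());

        // A stale injected principal can carry an ID token that has already expired,
        // which is the value a handler would be acting on without noticing.
        Instant exp = injectedToken.getExpiresAt();
        out.put("injectedExpired", exp != null && exp.isBefore(Instant.now()));
        return out;
    }
}
```

Calling the endpoint before and after the short access-token lifespan elapses shows "inSync" flipping to false once the refresh has run.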