[Security] roles on token are ignored since 7.3

### Symfony version(s) affected

7.3.0

### Description

We have some logic in our app that impersonating a user adds some additional roles to the token.

Those roles are now not available anymore since this [change](https://github.com/symfony/symfony/pull/59558) and voting on those roles is denying access.

cc @nicolas-grekas so I think your assumption was not quite correct that those roles are not used in case the user implements `EquatableInterface` 🤔 

It now just [falls back to just the user roles](https://github.com/symfony/symfony/pull/59558/files#diff-ab820af445158805b5b0d729136971714bf9220a261ea527c4d39b370164911dR44) as the additionally added roles are ignored during serialization.

### How to reproduce

Code looks something like

```php
$additionalRoles = [...];

$token = new SwitchUserToken(
    $impersonatedUser,
    '...',
    array_merge($impersonatedUser->getRoles(), $additionalRoles), // here we pass additional roles which are ignored now
    $originalToken,
);
``` 

Our `$impersonatedUser` object implements `EquatableInterface`.



### Possible Solution

Revert https://github.com/symfony/symfony/pull/59558 🤔 

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Security] roles on token are ignored since 7.3 #60656

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Security] roles on token are ignored since 7.3 #60656

Description

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions