[Guard] Adding custom role to the security token breaks authentication #36603

@alterphp

Symfony version(s) affected: 4.4

Description
I'm following "Custom Authentication System with Guard" to implement my own "switch user" feature (across different firewalls). Instead of extending AbstractGuardAuthenticator as described in the documentation, I use my own implementation of the createAuthenticatedToken(UserInterface $user, $providerKey) method.

My goal is just to add a custom role in the generated PostAuthenticationGuardToken.

    /**
     * Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
     * care about which authenticated token you're using.
     *
     * @param string $providerKey
     *
     * @return PostAuthenticationGuardToken
     */
    public function createAuthenticatedToken(UserInterface $user, $providerKey)
    {
        $roles = $user->getRoles();

        // Why does adding any custom role break authentication?
        $roles[] = 'ROLE_FOO';

        return new PostAuthenticationGuardToken($user, $providerKey, $roles);
    }

Adding the role in the code above breaks authentication. Adding the roles in the UserInterface::getRoles() method is OK...

Any idea what is happening here?
