I noted during testing that the FinalizeAuthentication action dating back to its first version ever has a bug that manifests when you bypass SSO for a particular flow by marking it non-reusable. This causes the code to copy in the previously active result from the AuthenticationContext's active results collection, but it deliberately doesn't overwrite that with a fresh result that was just produced.
This doesn't matter much in practice, and it doesn't cause any problems if the identity actually changes, but it does create anomalous results if you're proxying authentication with richer attribute data, because it ends up using the previous set of attributes until the next request when it pulls the updated result out of the session and so on, so it's always off by one.
We discussed and think the impact is minor enough in that it really is just a kind of caching, of which we have a lot of similar examples in the system. Will fix now and backport if we do a patch.