Optimal Approach for User Authentication in Vaadin Flow with OAuth2

I am facing a specific problem with Vaadin Flow. In our prior implementation, we would authenticate users directly via OAuth2, sans a login page. This would direct the user straight to Google, and in this approach, Vaadin’s serviceInit would not trigger before authentication. This allowed us to add some attributes to the Vaadin session.
However, we recently encountered a necessity for a login screen for authentication with both OAuth2 and credentials. With this new approach, serviceInit triggers before the user is authenticated. As a result, the values that should be prefilled in the Vaadin session, such as some predefined user settings (which should be fetched only once), are not fetched, as serviceInit will not be called after the authentication.
To work around this issue, I managed to add some logic in Spring’s successhandler:

public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
    super.onAuthenticationSuccess(request, response, authentication);
    Collection<VaadinSession> allSessions = VaadinSession.getAllSessions(request.getSession());
    VaadinSession vaadinSession = allSessions.stream().findFirst().orElse(null);
    if (vaadinSession != null) {
        if (authentication != null && authentication.getPrincipal() instanceof DefaultOidcUser) {
            try {
                vaadinSession.lock();
                try (final Connection connection = serviceLocator.getConnection()) {
                    // user data
                    // vaadinSession.setAttribute(Data.class, data);
                }
                vaadinSession.unlock();
            } catch (final Exception ex) {
                vaadinSession.getSession().invalidate();
            }
        }
    }
}

Though this approach works, it doesn’t seem conventional and I’m looking for a better way to handle this scenario. What would be the ideal approach for this situation?

Spring’s authentication success listener is the correct location for this kind of logic

Thank you for the guidance. I appreciate your swift and helpful response.