Got it working now... It only worked once I also cleared the session by signing out the user. Now the session is deleted, the user is signed out of the app and gets an error page. From there the user can log in again with new credentials.
Can someone say how secure this workaround is?
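/// <summary>
/// Enforces a per-client role requirement on the interactive authorize flow: an authenticated
/// subject whose role claims contain none of the roles configured for the requested client is
/// signed out and receives an error response; every other case defers to the base generator.
/// </summary>
/// <param name="request">The validated authorize request carrying the subject and the client.</param>
/// <returns>
/// The base <see cref="InteractionResponse"/>, or an "Unauthorized" error response when the
/// role check fails.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when a sign-out is required but no <c>HttpContext</c> is available.
/// </exception>
protected override async Task<InteractionResponse> ProcessLoginAsync(ValidatedAuthorizeRequest request)
{
    var user = request.Subject;

    // Not authenticated: nothing to enforce yet, let the base generator drive the login.
    // Identity can be null on a bare principal, so it is guarded instead of dereferenced.
    if (user?.Identity?.IsAuthenticated != true)
    {
        return await base.ProcessLoginAsync(request);
    }

    var clientId = request.Client.ClientId;

    // Clients without a configured role requirement get the default handling.
    if (_clientAccessRoleConfig == null
        || !_clientAccessRoleConfig.TryGetValue(clientId, out var requiredRoles))
    {
        return await base.ProcessLoginAsync(request);
    }

    var userRoles = user.FindAll(JwtClaimTypes.Role).Select(r => r.Value);
    if (userRoles.Any(r => requiredRoles.Contains(r)))
    {
        return await base.ProcessLoginAsync(request);
    }

    // Terminate the current login so the error page can be followed by a fresh login with
    // other credentials; without the sign-out the existing cookie would keep hitting this check.
    var httpContext = _httpContextAccessor.HttpContext
        ?? throw new InvalidOperationException("No HttpContext is available to sign the user out.");
    var authenticationService = httpContext.RequestServices.GetRequiredService<IAuthenticationService>();

    // NOTE(review): the scheme name is hard-coded; if the server session cookie is issued under a
    // different scheme, this call does not actually end that session — confirm against startup.
    await authenticationService.SignOutAsync(httpContext, "Identity.Application", null);

    // NOTE(review): this hook appears to run only for the interactive authorize endpoint, so it
    // does not by itself restrict tokens obtained through other grant types — confirm the threat model.
    return new InteractionResponse
    {
        Error = "Unauthorized",
        ErrorDescription = "No permission to access this app"
    };
}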