I have been facing a similar problem and found this issue report that describes why this is happening: https://github.com/spring-projects/spring-security/issues/14991

Basically you have to set an anonymous authentication every time you do a web-client call:
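
    // authentication(...) is the static helper
    // ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication
    Authentication anonymousAuthentication = new AnonymousAuthenticationToken(
            "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

    // Pass the anonymous principal explicitly as a request attribute
    String body = webClient
            .get()
            .uri(resourceUri)
            .attributes(authentication(anonymousAuthentication))
            .retrieve()
            .bodyToMono(String.class)
            .block();
    ...
    return "index";
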
This will result in the ServletOAuth2AuthorizedClientExchangeFilterFunction using the same token every time.