While working on the instrumentation of account conversions for temporary users (T346327), we realized that we need access to the user that attempted the action rather than the user the authentication request is being made for. That is to determine whether the creator is a temporary account or not.
Based on this use case and other possible usages (an extension that allows super-admins to impersonate others, for example), it's worth considering adding a $creator parameter to the hook so it's commonly available.