Tested in fresh cluster 4.8.0-0.nightly-2021-06-18-055840

There are 2 ways to verify.

Method 1

1. Copy oc to ANY_POD
$ oc cp /usr/bin/oc ANY_POD:/tmp/oc

2. Enter ANY_POD
$ oc rsh ANY_POD

3. Get the resources in the authorization.openshift.io group with the oc CLI and check the result.

When using the old build, an error is returned from the server.

sh-4.4$ /tmp/oc get rolebinding.v1.authorization.openshift.io
Error from server: Get "https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/xxia-proj/rolebindings?limit=500": net/http: invalid header field name "Impersonate-Extra-authentication.kubernetes.io/pod-uid"
sh-4.4$ /tmp/oc get role.v1.authorization.openshift.io
Error from server: Get "https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/xxia-proj/roles?limit=500": net/http: invalid header field name "Impersonate-Extra-authentication.kubernetes.io/pod-name"

When using the new build including the fix, the expected result is returned.

sh-4.4# /tmp/oc get rolebinding.v1.authorization.openshift.io
NAME ROLE USERS GROUPS SERVICE ACCOUNTS USERS
prometheus-k8s openshift-oauth-apiserver/prometheus-k8s openshift-monitoring/prometheus-k8s
...
sh-4.4# /tmp/oc get role.v1.authorization.openshift.io
NAME
prometheus-k8s

Method 2

1) Enter a different pod rather than KAS
$ oc get pods -n openshift-oauth-apiserver
$ oc rsh -n openshift-oauth-apiserver apiserver-64c8f57f9c-2djtw

2) curl the endpoint of the kube-apiserver from inside of the pod and check the result
$ token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
$ curl -k "https://${KUBERNETES_SERVICE_HOST}/apis/authorization.openshift.io/v1/clusterroles/view" -H "Authorization: Bearer ${token}"

When using the old build, an error is returned from the server.

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
  },
  "status": "Failure",
  "message": "Get \"https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/clusterroles/view\": net/http: invalid header field name \"Impersonate-Extra-authentication.kubernetes.io/pod-name\"",
  "code": 500
}

When using the new build including the fix, the expected result is returned.

{
  "kind": "ClusterRole",
  "apiVersion": "authorization.openshift.io/v1",
  "metadata": {
    "name": "view",
    ...
}
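The "invalid header field name" error quoted in the comment above can be reproduced with Go's net/http alone, because "/" is not a legal character in an HTTP header name. This is an added example, not code from the bug report or from OpenShift: escapeHeaderKey and sendWithExtra are hypothetical helpers, the local test server stands in for the API server, and percent-encoding the key is shown as one way to obtain a legal name, not as the content of the referenced fix.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// escapeHeaderKey (hypothetical helper) percent-encodes every byte that is not
// an RFC 7230 token character, plus '%' itself so the result can be decoded.
func escapeHeaderKey(key string) string {
	const tchar = "!#$&'*+-.^_`|~" // token punctuation, '%' deliberately left out
	var b strings.Builder
	for i := 0; i < len(key); i++ {
		c := key[i]
		isAlnum := 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9'
		if isAlnum || strings.IndexByte(tchar, c) >= 0 {
			b.WriteByte(c)
		} else {
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// sendWithExtra issues a GET to target with one Impersonate-Extra-<key> header
// and returns the client error, or nil if the request was sent and answered.
func sendWithExtra(target, key string) error {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return err
	}
	// Assign to the map directly so the name goes out exactly as written.
	req.Header["Impersonate-Extra-"+key] = []string{"constructed-value"}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	// Local stand-in for the API server; it accepts any request.
	srv := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	key := "authentication.kubernetes.io/pod-uid" // key from the error above
	fmt.Println("raw:    ", sendWithExtra(srv.URL, key))
	fmt.Println("escaped:", sendWithExtra(srv.URL, escapeHeaderKey(key)))
}
```

The raw key is rejected by the client transport before anything reaches the network, which is why the failure surfaces as a 500 from the component that forwards the request rather than as an authorization error.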
*** Bug 1973258 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438