Description
At the moment the max auth age is hardcoded to 300s for all required actions except the update password action (also see #25569).
The implementation of the update password required action should be moved to the interface level to enable max auth age configuration for all required actions by default.
Discussion
No response
Motivation
At our company we are running into UX issues with the current default time of 300s, because we are chaining two to three actions in a row for a credential migration process and don't want to bother our customers with a reauthentication at every step. While we could copy (or inherit) the implementation of all our needed required actions and then override the getMaxAuthAge method ourselves, I don't really find this to be the right way, because this would also force us to reimplement certain default authenticators like the WebauthnAuthenticator to use our custom implementation of the required actions.
Details
No response