Various system administration tasks are set to require the user's password to have been verified recently. (All done via Piwik\Plugins\Login\PasswordVerifier)
Would it make sense to forcefully set $sessionNamespace->lastPasswordAuth on some ongoing basis? (Every page load, maybe?) Or can the plugin override the verification template and have it check that the user's session is still valid according to the upstream OIDC server?
Various system administration tasks are set to require the user's password to have been verified recently. (All done via
Piwik\Plugins\Login\PasswordVerifier
)Would it make sense to forcefully set
$sessionNamespace->lastPasswordAuth
on some ongoing basis? (Every page load, maybe?) Or can the plugin override the verification template and have it check that the user's session is still valid according to the upstream OIDC server?