Translations:Manual:$wgAllowSecuritySensitiveOperationIfCannotReauthenticate/5/en

When the user is authenticating via an immutable session (such as OAuth; more generally, those provided by a $SessionManager which returns false for $canChangeUser), login is not possible.