Manual:$wgAllowSecuritySensitiveOperationIfCannotReauthenticate/en

Normally when the user attempts a security-sensitive operation (such as a password or email address change) and the last login was more than seconds ago, MediaWiki sends them through the login page again. When the user is authenticating via an immutable session (such as OAuth; more generally, those provided by a which returns false for  ), login is not possible. This configuration setting decides whether the user is allowed to perform the operation in such a case.