Manual:$wgAllowSecuritySensitiveOperationIfCannotReauthenticate

Normally when the user attempts a security-sensitive operation (such as a password or email address change) and the last login was more than $wgReauthenticateTime seconds ago, MediaWiki sends them through the login page again. When the user is authenticating via an immutable session (such as OAuth; more generally, those provided by a  which returns false for  ), login is not possible. This configuration setting decides whether the user is allowed to perform the operation in such a case.