We should support authorization of factors within a specified amount of time. For example, you might only allow access to /user/settings if a user has authenticated with their password within the last hour.
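A sketch of the freshness check described above, added here as an example and not taken from this project's code. `Session`, `FreshnessRule`, `RULES` and `authorize` are hypothetical names, and the request path is assumed to be already normalized by the framework.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class FreshnessRule:
    path_prefix: str     # protected route (hypothetical policy entry)
    factor: str          # factor that must have been used recently
    max_age: timedelta   # how long a successful use of that factor stays valid


@dataclass
class Session:
    # factor name -> time of the most recent successful authentication with it
    factor_times: dict = field(default_factory=dict)

    def record(self, factor, when):
        self.factor_times[factor] = when


# Constructed policy mirroring the example in the text above.
RULES = [FreshnessRule("/user/settings", "password", timedelta(hours=1))]


def path_matches(path, prefix):
    # Compare whole path segments: the rule covers the prefix and everything under it.
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def authorize(session, path, now, rules=RULES):
    """Return (allowed, factors_needing_reauth) for this request."""
    stale = []
    for rule in rules:
        if not path_matches(path, rule.path_prefix):
            continue
        last = session.factor_times.get(rule.factor)
        # Fail closed: factor never used, timestamp in the future, or too old.
        if last is None or last > now or now - last > rule.max_age:
            stale.append(rule.factor)
    return (not stale, stale)


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    s = Session()
    s.record("password", now - timedelta(minutes=90))
    print(authorize(s, "/user/settings", now))  # stale password: re-auth needed
```

A caller that receives a non-empty list would prompt for those factors again and retry the request, rather than ending the whole session.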