The AuthenticateAction validate that the current user is still connected by calling the CredentialProvider#isStillConnected but the FrontAuthenticateAction doesn't.

This lead to a bug in extra-user-management where the access token was not refreshed.