Custom required action with immediate login when done

Hi,

We have a similar use case as in a previous post: Login user after setting new password

What is the most secure way to solve this? I have 2 options, by using an Authenticator, but I am stuck on the second one with the usage of AuthenticationManager.createLoginCookie

option 1:
Set a custom (digest) cookie in the Required Action and implement an Authenticator to validate the cookie. Then the browser flow needs to be adapted with the Authenticator.

option 2:
Set the Keycloak login cookie from within the Required Action by calling AuthenticationManager.createLoginCookie, but I am stuck here on the creation of a UserSessionModel: UserSessionModel userSession = context.getSession().sessions().createUserSession(…)
This is what I have so far in my processAction of the Required Action, but I am stuck with the question marks:

   UserSessionModel userSession = context.getSession().sessions().createUserSession(
            context.getAuthenticationSession().getParentSession().getId(),
            context.getRealm(),
            context.getAuthenticationSession().getAuthenticatedUser(),
            context.getAuthenticationSession().getAuthenticatedUser().getUsername(),
            context.getConnection().getRemoteAddr(),
            OIDCLoginProtocol.LOGIN_PROTOCOL,
            false,
            " ?????????  ",
            " ?????????  "
    );
    AuthenticationManager.createLoginCookie(
            context.getSession(),
            context.getRealm(),
            context.getAuthenticationSession().getAuthenticatedUser(),
            context.getSession().sessions().getUserSession(context.getRealm(), ),
            context.getUriInfo(),
            context.getConnection());

Any ideas what to put in the question marks?

regards,

Sven