Keycloak 25 reset credentials flow authenticating automatically

Hello, running keycloak 24 and upgrading to 25. In my current setup when a user hits forgot password I have a flow that performs choose user, check if user is federated, send reset email, reset password, reset credentials sso (conditional check). The only difference from the default is that there is a check to see if user is federated. It works as expected in keycloak 24, but in keycloak 25 with the same settings I’m having the email being sent but when a user clicks on the link it logs them directly without asking the user to reset their password. Tried looking on docs and release notes as to what changed from 24 to 25 but nothing seems to affect this. I noticed that there was a “Maximum Age of Authentication” which previously was not present. The default value of 300 and 0 both result in the same behavior. Thanks in advance for any insight!