At the moment, OAuth2ClientFilter uses JwtSession object to store OAuth2 related information under session key "oauth2:<clientEndpoint>". Users with existing OAuth2Session or valid access token can access protected resource without re-authenticating again.
For a special endpoint (route) in IG, it is nice to force the user to re-authenticate before users can continue.
According to https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest there is a parameter "prompt" available which will achieve this when setting it to "login".
It would be nice to have this option in IG as well by having config attribute such as "prompt" in OAuth2ClientFilter.