In #41959 we added authRequired: 'optional' which changed a request termination logic for the next 2 cases:

• redirect to IdP
• notHandled (no valid credentials)

From now, redirect and notHandled logic performed by the core, depending on the current authRequired value. That makes responseFactory excessive, and we should remove it to provide the only way to redirect/reject an incoming request via authToolkit.

Reject interface might look like:

return t.failed({
  error: {...},
  statusCode?: number,
  responseHeaders: authenticationResult.authResponseHeaders,
});

to support cases when a request to Elasticsearch failed and we need to proxy an error to the client