That is less of a problem in the consumer space where the OIDC Auth providers have giant long lived sessions (google/FB/etc).

In the government/banking/etc space - there is at least FIDO/WebAuthn/Passkeys which also resolves it. But it's a fair criticism.