When an already logged-in user is accessing a page requiring elevated security (e.g. Special:BotPasswords), we require them to log in again. This is handled as a normal login, so when the primary authentication provider is CentralAuth, it is followed by a central login. Since the user is already logged in, this is pointless.
To complicate things, after T348388: Use central login wiki for login (SUL3) we will have to do some sort of central-ish login since we want to do all login centrally. But even then we don't need to go through the whole session negotiation process / redirect chain, just go through the login process on the central wiki and verify that it succeeded.
See also:
T208823: Support asynchronous reauthentication
T208668: Do not ask for password on reauthentication when 2FA is enabled