Communicate Password Change Failure Reason During Expiry + Pw History

when password expiry and password history are enabled, the following situation may occur:

when a password is expired, it may be changed as part of the regular authenticate call, in this case handled by the UserAuthentication. if the new password is found in the password history, the pw change fails and UserAuthentication still reports this (special) login as expired.

it would be desirable to allow consumers of the resulting state (currently CredentialExpiredException) to be able to identify that the password change failed due to it being in the pw history, even though the unchanged password could still be considered expired.