Symfony version(s) affected: 5.2.6
Description
So we use login_throttling with max_attempts set to 3 in our security.firewalls. When we log in successfully and log out again 3 times in 1 minute, the 4th time we want to log in again we get the login_throttling error message saying "Too many failed login attempts, please try again in 1 minute". We saw this happen in our UI tests using Cypress, where we log in many times.
According to the docs: "One of the best countermeasures to these attacks is called “login throttling”, which denies a user from attempting logins after a certain number of failed attempts". In our case they are not failed attempts, but login_throttling is still taking action.
Is this the expected behavior of login_throttling? If so, is there a way that we could make it work only for failed attempts?
How to reproduce
See Description
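
The two behaviours the report contrasts, as an added model that is not part of the original issue and not Symfony's implementation: a fixed-window counter that counts every attempt, next to one that clears the counter on a successful login. The class name, the `resetOnSuccess` switch and the sample key are hypothetical; the limits (3 attempts, 60 seconds) are the ones from the report. Requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added illustration: a fixed-window attempt counter, not Symfony's code.
final class LoginThrottleModel
{
    /** @var array<string, array{start: int, count: int}> */
    private array $windows = [];

    public function __construct(
        private int $maxAttempts,      // 3 in the report
        private int $intervalSeconds,  // 60 in the report
        private bool $resetOnSuccess   // hypothetical switch between the two policies
    ) {}

    /** Returns 'ok', 'bad-credentials' or 'throttled' for one login attempt. */
    public function attempt(string $key, bool $passwordCorrect, int $now): string
    {
        $w = $this->windows[$key] ?? ['start' => $now, 'count' => 0];
        if ($now - $w['start'] >= $this->intervalSeconds) {
            $w = ['start' => $now, 'count' => 0];   // window expired, start over
        }
        if ($w['count'] >= $this->maxAttempts) {
            $this->windows[$key] = $w;
            return 'throttled';                     // rejected before the password check
        }
        $w['count']++;                              // every attempt is counted first
        if ($passwordCorrect && $this->resetOnSuccess) {
            $w['count'] = 0;                        // a successful login clears the counter
        }
        $this->windows[$key] = $w;
        return $passwordCorrect ? 'ok' : 'bad-credentials';
    }
}

// Constructed scenarios: four correct logins within one minute (as in the
// report), and three wrong passwords followed by a correct one.
$scenarios = [
    'four successes'      => [true, true, true, true],
    'three failures + ok' => [false, false, false, true],
];
foreach ([false, true] as $resetOnSuccess) {
    foreach ($scenarios as $name => $passwords) {
        $throttle = new LoginThrottleModel(3, 60, $resetOnSuccess);
        $results = [];
        foreach ($passwords as $i => $correct) {
            // Constructed key (username + client IP) and timestamps 10 s apart.
            $results[] = $throttle->attempt('alice@192.0.2.10', $correct, $i * 10);
        }
        printf("reset=%s %-20s %s\n", var_export($resetOnSuccess, true), $name, implode(', ', $results));
    }
}
```

In this model, only the policy that counts every attempt throttles the fourth successful login, while both policies throttle the attempt that follows three wrong passwords.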