I too have struggled to find the details. W3.org has the most authoritative source I have found. It states:
…user verification and use of credential private keys must all occur within the logical security boundary defining the authenticator.
If they had intended immediacy, I would expect verbiage along the lines of “at the time of authentication”. But they instead used (without definition)“logical security boundary”, so one could likely make a case that the “security boundary” is my vault being locked/unlocked, meaning “within” could include the entire duration for which one’s vault is unlocked.
Edit: grammar