问题
I use scopes:
- https://www.googleapis.com/auth/userinfo.profile
- https://www.googleapis.com/auth/userinfo.email
but result data of:
- https://www.googleapis.com/oauth2/v1/userinfo
- https://www.googleapis.com/oauth2/v3/tokeninfo
not contains info about exist two-factor auth on google account. Can I get boolean or another value about it?
回答1:
Sorry we don't expose If a user has 2 factor auth or not) through API. We have been thinking about this for a while.
We have been doing a lot of things to improve the security for all users (including the ones who have not enabled 2nd factor). This is based on the risk signals and we ask for second factor if the user has a phone # on their account even without a user enabling "strict" 2nd factor. This allows us to protect all users. The difference being in one case 2nd factor is required in all sign-in vs required when we think there is risk.
The problem is that if we do expose whether a user has enabled strict 2nd factor, a lot of 3rd parties will "force" users to become a "strict" 2 factor users without understanding what that means. So for now we don't have a timeline.
来源:https://stackoverflow.com/questions/45301632/google-oauth2-api-check-user-has-two-factor-authentication-not-gsuite