I am looking into adding Google as an Identity Provider for a Single Sign-On solution. The problem is that I would very much like to be informed if the Google user that authenticates has Two Factor Authentication enabled on their account or not. This is where my googling skills failed me, however, as I have found no real mentions of the Two Factor Authentication information being available as part of the authentication token.

So my question is simply how I can discover if a user who either creates an account via the Google IDP, or simply links their account, has Two Factor Authentication enabled on their Google account?

It seems to be possible to do via the reporting API at a later date, but it would make much better sense for my use case to somehow get the information in the OIDC token.

Thank you very much for any help you can provide.

Martin Nielsen

1 Answer

Having spent a lot of time on Google, I finally managed to find a result, which is another Stack Overflow post (no surprise there).

In short, it does not seem to be possible, at least it wasn't in 2017. It was a considered feature but was not implemented. The post is here: Google OAuth2 API. Check user has two factor authentication (Not GSuite)

Martin Nielsen