Skip to content
← Developers

How can we improve the developer experience on Twitch?

Developers: API

Categories

JUMP TO ANOTHER FORUM

(thinking…)

2FA status in users endpoint (when authing as the user)

We third party dev's often build tools that assist with moderation actions/services for broadcasters.

We tell Moderators to enable 2FA, but we have no way to check it.

It would be useful to block Logins to our tool if 2FA is not enabled. But 2FA data is not surfaced in the API and there's no way to require a User to be 2FA during the login/oAuth loop.

I'd like to see the users endpoint(s) provide 2FA status.
I expect this to be behind the user read or openID scopes.

openID allows email verified. Why not 2fa status (for example)

Worth noting that Discords floats "mfa_enabled" in it's user API so we have precedent.

35 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

BarryCarlyon shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • AdminJon Bulava (Developer Relations, Twitch) commented  ·   ·  Report

    I would agree it is a security risk to provide a flag in a user object whether or not they have 2FA enabled. However, I think it's possible for this use case to be realized without exposing the risk if we provided developers a way to require 2FA when authenticating to their application. As such, I will move this back into into "under consideration" given this approach while we discuss further.

    (Edited by admin)