2FA status in users endpoint (when authing as the user)
We third party dev's often build tools that assist with moderation actions/services for broadcasters.
We tell Moderators to enable 2FA, but we have no way to check it.
It would be useful to block Logins to our tool if 2FA is not enabled. But 2FA data is not surfaced in the API and there's no way to require a User to be 2FA during the login/oAuth loop.
I'd like to see the users endpoint(s) provide 2FA status.
I expect this to be behind the user read or openID scopes.
openID allows email verified. Why not 2fa status (for example)
Worth noting that Discords floats "mfa_enabled" in it's user API so we have precedent.
