I would love to be able to have the option for Google Authentication to be integrated into your current 2-Factor Authentication system. Hypothetically, if I were to misplace or brake my phone, it would take some time for me to be able get a new device in which time I would not be able to reenter my Twitch account. I mod for channels, work with creators and would feel awful if I was not able to continue supporting and working for them as I do.

It was also just be an ease of access thing, where I have all of my current 2F Authentication already with Google Authentication, so as this isn't necessarily an essential facet to this system, it would be a nice addition to this system.

We third party dev's often build tools that assist with moderation actions/services for broadcasters.

We tell Moderators to enable 2FA, but we have no way to check it.

It would be useful to block Logins to our tool if 2FA is not enabled. But 2FA data is not surfaced in the API and there's no way to require a User to be 2FA during the login/oAuth loop.

I'd like to see the users endpoint(s) provide 2FA status.
I expect this to be behind the user read or openID scopes.

openID allows email verified. Why not 2fa status (for example)

Worth noting that Discords floats "mfa_enabled" in it's user API so we have precedent.

The iOS app has this annoying habit of logging me out of the app seemingly at random, and with no input at all on any other device. This is very disruptive as I have 2FA set up on my account, and to log in I have to both provide my password and an auth code that may/may not be easy to get to depending on whether I have my auth code generator to hand.

The iOS app never used to randomly log out, so the question is why is it doing it now. I'm aware of the "30 days" feature but it'll often log out well before the 30 days are up.