Google OAuth2 API.检查用户是否具有两因素身份验证(不是GSuite) [英] Google OAuth2 API. Check user has two factor authentication (Not GSuite)
问题描述
我使用范围:
- https://www.googleapis.com/auth/userinfo.profile
- https://www.googleapis.com/auth/userinfo.email
但结果数据为:
- https://www.googleapis.com/oauth2/v1/userinfo
- https://www.googleapis.com/oauth2/v3/tokeninfo
不包含有关Google帐户上存在的两因素身份验证的信息. 我可以获取布尔值或其他值吗?
not contains info about exist two-factor auth on google account. Can I get boolean or another value about it?
推荐答案
对不起,我们无法通过API公开(如果用户具有2因子身份验证).我们已经考虑了一段时间.
Sorry we don't expose If a user has 2 factor auth or not) through API. We have been thinking about this for a while.
我们已经做了很多事情来提高所有用户(包括未启用第二因素的用户)的安全性.这基于风险信号,即使用户未启用严格"第二因素,我们也会询问第二因素,即用户是否在其帐户上拥有电话号码.这使我们能够保护所有用户.在所有情况下,登录时都需要第二个因素,而我们认为存在风险则需要第二个因素.
We have been doing a lot of things to improve the security for all users (including the ones who have not enabled 2nd factor). This is based on the risk signals and we ask for second factor if the user has a phone # on their account even without a user enabling "strict" 2nd factor. This allows us to protect all users. The difference being in one case 2nd factor is required in all sign-in vs required when we think there is risk.
问题在于,如果我们确实公开了用户是否启用了严格的第二因素,则许多第三方会强迫"用户成为严格"的第二因素用户,而不会理解这意味着什么.所以现在我们没有时间表.
The problem is that if we do expose whether a user has enabled strict 2nd factor, a lot of 3rd parties will "force" users to become a "strict" 2 factor users without understanding what that means. So for now we don't have a timeline.
这篇关于Google OAuth2 API.检查用户是否具有两因素身份验证(不是GSuite)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
