GitLab doesn't force user to set 2FA during OAuth login
Background:
(Include problem, use cases, benefits, and/or goals) GitLab CE 10.4.4 configured as OAuth provider. Users forced to use MFA. If user has 2FA configured, he/she will be asked to provide OTP. If user doesn't have 2FA configured, but has 2FA graceful period expired, GitLab will authenticate user without forcing him/her to configure 2FA like it does inside GitLab itself.
Why GitLab doesn't force user to configure 2FA during OAuth login process?
Is it a case for creation of the new issue of it's a "feature"?
Edited by Illia Lavrovskyi