Add support for 2FA in applications without state #306
Description
Currently, it is not possible to use stateless 2fa methods, like TOTP or Google Authenticatior without a session.
In the linked issue / PR, this was implemented and merged into 8.x.
However, these changes did not make it into the final release.
Can we re-introduce these changes, so we can use 2fa in a stateless app?