So I’ve been corrected by the team. Discourse ID does use OAuth2 under the hood - my apologies. I thought it was using a different protocol.
To your question, we do not support 2FA with external logins. As the message you saw stated, 2FA cannot be enforced without local logins being enabled. We rely on the external login provider (Discourse ID in this case, but this applies to all external providers) to manage 2FA, including enforcement.