Javascript authorization attributes

I would like to add a javascript authz policy based on whether the user has used OTP or not to authenticate. Which attribute should I access in the session context, assuming this is possible out-of-the-box?

thank you

I answer myself, you can get a list of context attributes with this simple script: