2FA Authentication using Identity providers, but only for a specific client

We use Keycloak to Authenticate our users using an Identity provider like Google, Microsoft, …

We would like to have a keycloak client that has a slightly different authentication flow.
Desired behaviour: the authentication is still performed using the normal identity provider (Google, Microsoft, …), but adds an extra OTP Form after (2FA).

  • I know that I can add my flow in the Identity providers -> Post login flow. That would give the result I seek. However, that would alter all clients, not just that one i want.

  • If I override the Browser Flow on that client (Authentication flow overrides) with my particular flow, that does not work. It works if the authentication is of type username/password, but not when using an Identity provider (seem to be bypassed).

If someone has ideas of a potential solution, it is greatly appreciated.