We use Keycloak to authenticate our users using an identity provider like Google, Microsoft, …
We would like to have a Keycloak client that has a slightly different authentication flow.
Desired behaviour: the authentication is still performed using the normal identity provider (Google, Microsoft, …), but adds an extra OTP Form after (2FA).
- I know that I can add my flow in Identity providers -> Post login flow. That would give the result I seek. However, that would alter all clients, not just the one I want.
- If I override the Browser Flow on that client (Authentication flow overrides) with my particular flow, that does not work. It works if the authentication is of type username/password, but not when using an identity provider (it seems to be bypassed).
If someone has ideas of a potential solution, it is greatly appreciated.