How do i change login sub-flow default?

I’m working on a login flow on Keycloak (25.0.4).

This is my current flow.

What i’m trying to achieve is to have password as the default method and “Try Another Way” show alternative options.

What i get is passkey as default.

Is there a way to change default option shown?

This is a tricky one and AFAIK not generally solvable…

As soon as there are more than 1 credential authenticator as alternatives, the order in the flow is ignored, but the order of the credentials in the current user is being used. If you get the passkey alternative first, most probably in your user the passkey credential is the first one. Another user with a different order of credentials has another first option.

You can drag’n’drop the order of the credentials of a user. Only an admin can do this for single users, no bulk operation. Additionally, the user itself is not able to change the order…
It is, what it is. It was a design decision. I don’t like it either.

Before i dive down that javadoc rabbit hole, is it even possible to customize flow processing or create a custom sub-flow type?

No worries, not rabbit hole, just as good as no documentation at all on this “feature”.
Like many classes in Keycloak…

Unfortunately not. This is part of the core part of Keycloak and is not customizable with an SPI.

Yes, I know, that’s all so sad… but we have to deal with it for the time being.

Thanks for the info …

Unfortunately in my case “dealing with it” is not that simple as it’s a deal breaker.

As for rearranging the order of authenticators manually: my users are federated, i don’t see a way to do that anyway.