Login per Client in Single realm

Is it possible to configure each client in a single realm to sign in every time? Here are the different flows I need to support somehow.

  1. Login to a dashboard - client from same realm (Public client and Auth Code Flow)
  2. Select an application which is also a client from the same realm
    2.1 User must sign in every time after selecting an app
    2.2 Ability to destroy the previous session of the selected application but not the dashboard

One thing I'm confused about with #2 is that when I sign in to application-one from the dashboard and then click application-two, the sessions of application-two and application-one are combined, unlike the dashboard, which is a separate Keycloak session.

Options I tried

  1. Client-specific authentication flow overrides using a copy of the browser flow BUT with the cookie disabled. My issue here is that if I reload, I need to sign in again even if there is still a session in Keycloak.
  2. Custom Event Listener onLogin - I call AuthenticationManager backchannelLogout to remove the previous session that doesn't have the dashboard session.

Any suggestions would help. Thank you.

Hi @santosmken,
If the application wants to force the login, it can use the standard OIDC parameter prompt=login [1] in the authentication request. Using that parameter, the IdP will prompt for user credentials regardless of whether you have an existing active IdP session or not.
[1] Final: OpenID Connect Core 1.0 incorporating errata set 1
