Also, before you comment, read https://github.com/keycloak/keycloak/pull/1644 I believe there is no harm in skip_auth_mechanisms query parameter. I agree there are scenarios where other options are also good, but not globally.