diff --git a/internal/broker/broker.go b/internal/broker/broker.go
index ea7dd9d3..d8f9327d 100644
--- a/internal/broker/broker.go
+++ b/internal/broker/broker.go
@@ -267,7 +267,7 @@ func (b *Broker) GetAuthenticationModes(sessionID string, supportedUILayouts []m
 
 	var authModes []auth.Mode
 	for _, id := range availableModes {
-		authModes = append(authModes, auth.NewMode(id, supportedAuthModes[id]))
+		authModes = append(authModes, supportedAuthModes[id])
 	}
 
 	if len(authModes) == 0 {
@@ -282,8 +282,8 @@ func (b *Broker) GetAuthenticationModes(sessionID string, supportedUILayouts []m
 	return auth.NewModeMaps(authModes)
 }
 
-func (b *Broker) supportedAuthModesFromLayout(supportedUILayouts []layouts.UILayout) (supportedModes map[string]string) {
-	supportedModes = make(map[string]string)
+func (b *Broker) supportedAuthModesFromLayout(supportedUILayouts []layouts.UILayout) (supportedModes map[string]auth.Mode) {
+	supportedModes = make(map[string]auth.Mode)
 	for _, layout := range supportedUILayouts {
 		kind, supportedEntries := layouts.ParseItems(layout.GetEntry())
 		if kind != layouts.Optional && kind != layouts.Required {
@@ -299,16 +299,19 @@ func (b *Broker) supportedAuthModesFromLayout(supportedUILayouts []layouts.UILay
 			if rc := layout.RendersQrcode; rc != nil && !*rc {
 				deviceAuthID = authmodes.Device
 			}
-			supportedModes[deviceAuthID] = "Device Authentication"
+			supportedModes[deviceAuthID] = auth.NewMode(deviceAuthID,
+				"Device Authentication")
 
 		case layouts.Form:
 			if slices.Contains(supportedEntries, entries.CharsPassword) {
-				supportedModes[authmodes.Password] = "Local Password Authentication"
+				supportedModes[authmodes.Password] = auth.NewMode(authmodes.Password,
+					"Local Password Authentication")
 			}
 
 		case layouts.NewPassword:
 			if slices.Contains(supportedEntries, entries.CharsPassword) {
-				supportedModes[authmodes.NewPassword] = "Define your local password"
+				supportedModes[authmodes.NewPassword] = auth.NewMode(authmodes.NewPassword,
+					"Define your local password")
 			}
 		}
 	}
diff --git a/internal/providers/noprovider/noprovider.go b/internal/providers/noprovider/noprovider.go
index 07b5ee48..aefc43ae 100644
--- a/internal/providers/noprovider/noprovider.go
+++ b/internal/providers/noprovider/noprovider.go
@@ -42,7 +42,7 @@ func (p NoProvider) AuthOptions() []oauth2.AuthCodeOption {
 // CurrentAuthenticationModesOffered returns the generic authentication modes supported by the provider.
 func (p NoProvider) CurrentAuthenticationModesOffered(
 	sessionMode string,
-	supportedAuthModes map[string]string,
+	supportedAuthModes map[string]auth.Mode,
 	tokenExists bool,
 	providerReachable bool,
 	endpoints map[string]struct{},
diff --git a/internal/providers/providers.go b/internal/providers/providers.go
index ccc8cfa9..766a7a02 100644
--- a/internal/providers/providers.go
+++ b/internal/providers/providers.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/ubuntu/authd-oidc-brokers/internal/providers/info"
+	"github.com/ubuntu/authd/brokers/auth"
 	"golang.org/x/oauth2"
 )
 
@@ -16,7 +17,7 @@ type Provider interface {
 	CheckTokenScopes(token *oauth2.Token) error
 	CurrentAuthenticationModesOffered(
 		sessionMode string,
-		supportedAuthModes map[string]string,
+		supportedAuthModes map[string]auth.Mode,
 		tokenExists bool,
 		providerReachable bool,
 		endpoints map[string]struct{},