Best way to extend administrative API?

Do you have any recommendations how to extend the administrative API so that the original Keycloak code stays intact and the extension is provided as a separate JAR so that it would be possible to upgrade Keycloak to newer versions without needing to patch it along every upgrade because of the custom code?

The use case we are trying to implement is just to allow API client to unlink an individual federated user. As far as I know, this would require at least:

  1. New function in the REST API
  2. New method in the API client classes
  3. New business method in the server code

I have tried unlinking user by calling setFederationLink(null) in the UserRepresentation class, but this leads to an error. What is interesting however is that if I call the same method by providing an existing Federation provider id instead of null, I am able to re-link previously unlinked user back to Federation provider.

Another interesting note: if I tweak the database directly and set the federation link to null there, the whole user disappears from Keycloak. What is the reason for this? Is it a conflict in user cache versus database or what?

Take a look at and see if this helps you any further, also read the root readme file in the repo

Thanks for the link, I’ll check that out.

Extending API seems straightforward. But is there an easy way to add that business logic to server side code for unlinking just a single individual user? It seems that I would need to add logic for that to at least UserCacheSession, UserStorageManager and JpaUserProvider (and corresponding interfaces). Is there any possibility to do that in pluggable way without altering the original source code? Is CGLIB or other bytecode manipulation tool the only way for achieving this?

I’d recommend to extend the existing code and try to work with the team to embed this as an enhancement. This will validate your idea, possibly show you alternatives or finally promote a reviewed implementation into the solution so that all can leverage it