Calling an External JSON API on an Authentication Flow

Use case is client, SAML or OIDC, will authenticate via Identity Provider (OIDC say Google; or SAML) - on return of authentication from the Identity Provider, Keycloak will call out to an external JSON API, to obtain further attributes on the user (say lookup by email for telephone number).

Is above possible? Any hints on how to approach will be greatly appreciated.

I was referencing keycloak-json-remote-claim/README.md at master · groupe-sii/keycloak-json-remote-claim · GitHub as an OIDC example – not sure if I’m in correct ballpark.