Ok, never mind. I’ve found a solution. Stupid really.
So I pass the KeycloakSession to the provider when creating it in the EventListenerProviderFactory.
Before I call my API I execute the following
session.getTransactionManager().commit() -> THIS IS NOT GOOD
It wasn’t until I asked the question that I finally saw the answer, same old story.