How to add keycloak-admin-client to an SPI?

I want to retrieve a (resource owner password credentials flow) token with a specific client using org.keycloak.admin.client.Keycloak:

Keycloak keycloak = KeycloakBuilder.builder() 
   .serverUrl(AUTHSERVERURL) 
   .realm(realm) 
   .grantType(OAuth2Constants.CLIENT_CREDENTIALS) 
   .clientId(clientId) 
   .clientSecret(clientSecret).build();

as in this example by Thomas Darimont.

I added keycloak-admin-client to the SPI jar by copying it into the /modules directory of Keycloak (the image shows the directory structure of the Docker build job, that whole tree is copied into Docker when building the image).

keycloak-cf-docker – UserRemovedMessageHandler.java europeana_eventlistener 2022-02-15 15-01-40

Keycloak can find the module, but I keep running into a ClassNotFoundException: javax.ws.rs.client.Client whenever that above code is run.
I’d think that keycloak-admin-client should be able to find it because jboss-jaxrs-api_2.1_spec-2.0.1Final is provided by keycloak in /opt/jboss/keycloak/modules/system/layers/base/javax/ws/rs/api/main/, but apparently not.

I tried adding the dependencies explicitly to the SPI pom.xml, as in this SO question , but I keep getting this:

2022-02-15 13:39:26,588 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-1) Uncaught server error: java.lang.NoClassDefFoundError: javax/ws/rs/client/Client
at deployment.europeana-eventlistener.jar//eu.europeana.keycloak.user.UserRemovedMessageHandler.getKCClient(UserRemovedMessageHandler.java:257)
...
Caused by: java.lang.ClassNotFoundException: javax.ws.rs.client.Client from [Module "org.keycloak.keycloak-admin-client" version 16.1.0 from local module loader @59cba5a (finder: local module finder @1bd39d3c (roots: /opt/jboss/keycloak/modules,/opt/jboss/keycloak/modules/system/layers/keycloak,/opt/jboss/keycloak/modules/system/layers/base))]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:200)

Any ideas how to fix that?