Hello,

I need to extend the authorization endpoint (/auth/realms//protocol/openid-connect/auth) to pass new values to the IDP and create internal user, but I haven’t found any documentation to extend through SPI this endpoint.

Is there an SPI to extend this part of keycloak?

You mean authentication, not authorization…

Look at the Authenticator SPI, that’s your friend: Server Developer Guide