Using KC to authenticate user existing in an external system

Hello there,
We have a scenario that we need to authenticate some users that does not exist in KC DB and all we get is their details.
We are protecting our web app currently with KC.
The flow we are looking for is:

  1. User enters an external system
  2. Authenticates using the external system
  3. Clicks on a link to open our system
  4. Our system is loaded with parameters in the URL that tell us the info about the authentication of the user in the external system. We get some hashed key that we need to validate and when we do we basically can say that the user is authenticated
  5. The user is automatically logged in to our system

What am I looking for in KC?
Do I need to implement a certain SPI?
Is it possible to create a new user in KC using the data we have? Where should this user be created in the process? Is there a way to do it inside an SPI?
Is it possible to have KC generate a JWT without an existing user in its DB?
Is it possible to initialize the KC-JS adapter with a JWT we got elsewhere?

If you have some example for this please add it

Please help