Extending Keycloak's core functionality without forking

[Sam Spagl]

Hey Keycloak Community, 

first time writing here, so just hit me up, if I should clarify something. :) 

I’m looking for a good way of extending some of the core functionality of Keycloak without creating a fork, as maintaining it would just include a lot of manpower.

The goal would be to:

• Extend the AccessToken with two or more additional fields, for example one for “amr” or  “foo” and “bar”,
• Adding new features also with GUI support, and extending the realm_import / export with these features / settings for SPI Authenticators
• Adjusting / extending the way some endpoints work

The option I found for some of those points is to include Keycloak as a maven dependency and copy the new SPI’s / overwrite specific files. That way it was possible to for example extend the functionality of the “openid-connect/auth” endpoint. 

It also seems that it would be create a “CustomAccessToken” class, which would be implemented in our custom endpoints etc. But I fear that we will have a conflict sooner or later if we not extend the default “AccessToken” (for example).

Is there a) a better way of extending Keycloak than the described one, and b) a way of really extending the core classes without creating a custom class for everything (which also would need to be referenced nearly everywhere).

Thanks a lot in advance. 

Best Samuel