Understanding Service Provider Interfaces
If you are already familiar with the Java language, you probably know what an SPI is. If not, think about it as a pluggable mechanism for adding or changing behavior to an extensible Java application without changing its code base.
Keycloak is built with extensibility in mind where features are implemented using a set of well-defined interfaces. Features such as the ability to authenticate users using different authentication mechanisms, auditing, integration with legacy systems for fetching identity data, map claims into tokens, register new users and update their profiles, and to integrate with third-party identity providers are all backed by a set of service interfaces and a corresponding SPI. The same is also true for core features, such as caching, storage, or the different security protocols supported by Keycloak, although for those, you would hardly have a need to customize: