I'm not trying to do anything like that but I wanted to add some logic to Keycloak authenticators so I was interested in this question. The redirect uri ( ru ) is in the client_data URL path parameter encoded to base64, of the request starting the Login and then it is passed to the Register and finally used. I don't see an option to replace it - at least not in the authenticator.