[keycloak-user] Redirect URI Manipulation

Hello everyone i am testing keycloak server and so far I am impressed on how light it is compared to other solutions of the same kind and how clean and concise is the interface of the server. I would like to use keycloak as a platform to introduce several vulnerabilities in order to have a live example of a vulnerable open-id provider. Those of you who do have a good understanding of the structure of keycloak do you believe it is a good choice or should i head to something else? For example if I want to bypass the check of the redirect URI, would that require edits in multiple files? Could someone indicate which files in that case? thank you for your time Vas