I think there’s some misunderstanding of OAuth2. If you need to secure your webhooks, N8N is your resource server and just needs to verify the token the clients sends in the Authorization: Bearer XXX
header. So you would need a separate server for providing the authorization server functionality.
If you need to install NPM packages to N8N, you can create your own image like
FROM n8nio/n8n
RUN npm install keycloak-connect
ENV NODE_FUNCTION_ALLOW_EXTERNAL=keycloak-connect
However, I’ve filed a feature request for that since there are multiple problems with OAuth2 authentication right now: Secure Webhooks with OAuth2