Hi,
Currently we are experimenting with X509 certificates to authenticate OIDC clients. Unlike X509 certificates for users, importing the client CA is not sufficient; each public key of an OIDC client needs to be imported into the truststore.
Can someone verify if this is true, or am I missing something? Creating a new client looks painful, since it requires a restart of Keycloak itself and it's hard to automate.