I am wondering, where did mTLS and client certificates go. I mean pretty much every app is likely to operate over http, and that’s the base, the defined way to do user authentication.

I know the third party SSO services are recommended but .. I still have a hankering after the old, run it yourself approaches.

Am I missing something?