Blazor Wasm ASP.NET Core 6 + Azure Active Directory + Azure Key Vault + Certificate

Hello,

I'm not finding documentation about how to configure and setup a Blazor Client-Side (Wasm) .NET Core 6 application that will allow a non-Azure hosted Application connect to the Key Vault with a Certificate at the AAD app registration setup and not in the users device.

I'm trying to have an application not hosted in Azure have the ability to get secrets from the Key Vault and not have a certificate installed on the users device or certificate store. Ideally when the application launches have the ability to communicate with Key Vault to get its appsettings. The MS Docs provide an example of using a self-signed X509 Cert BUT it has to be installed on the users machine and in their Certificate Store, which is what I want to avoid because its not the user requesting access its the registered application in AAD.

Thanks in advanced