Using OpenID Connect to authenticate users

This helped alot however be aware, in a HA pair if you use the default .crt/.key as per this config you will get sync errors, it's not immediately obvious.

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-oauth-configuration-14-1-0/04.html

For Certificate File, select a certificate. Important: Do not select the default certificate when the BIG-IP system is on a chassis platform or is included in an HA pair. F5 strongly discourages the use of the default certificate in a JWK in any configuration. For Certificate Key, select one. Important: Do not use the default key when the BIG-IP system is on a chassis platform or is included in an HA pair. F5 strongly discourages the use of the default key in a JWK in any configuration.