[keycloak-user] Client (App) - Keycloak (Server) binding

Hey there, I didn't find any documentation about this particular topic, let me explain a bit. How can I bind my application to a Keycloak server instance and be sure that this binding is immutable? I know about certs and public key but if someone changes the key on my app it would be able to use a different Keycloak instance to authenticate, isn'it? Thanks for your clarification and I apologize if this is not the right way to use the mailing list.