Credentials enable confidential applications to identify themselves to the authentication service when receiving tokens at a web addressable location (using an HTTPS scheme). For a higher level of assurance, Microsoft recommend using a certificate (instead of a client secret) as a credential.
I don't rule out Microsoft supporting only certificates in the future. Therefore, development in this area does not seem to me to be a wasted investment.
For the Universal GUI, we use Identity Provider "Azure" where IAM is linked based on Client ID and Client secret. Because "Client secrets" have an expiration date it would be nice to use a certificate instead of client secret ID.