KubeAPI Dynamic OIDC, multi tenant IAM

K8S API supports single tenant OIDC e.g:

ExecStart=/usr/local/bin/k3s \
    server \
        '--write-kubeconfig-mode=0644' \
        '--flannel-backend=none' \
        '--disable-network-policy' \
        '--token=SECRET' \
        '--datastore-endpoint=postgres://postgres:postgres@mylabpg:5432/k3s' \
        '--kube-apiserver-arg' 'oidc-username-claim=email' \
        '--kube-apiserver-arg' 'oidc-groups-claim=groups' \
        '--kube-apiserver-arg' 'oidc-client-id=k3s' \
        '--kube-apiserver-arg' 'oidc-ca-file=/opt/keycloak/certs/rootCA.crt' \
        '--kube-apiserver-arg' 'oidc-issuer-url=https://mylabkeycloak:8011/realms/master'

currently, I can use the master realm (tenant) on my KeyCloak (the IAM), only.
But I need to use it in multi-tenat mode on-the-fly
If oidc-issuer-url be an optional parameter on API header, it can handle multi-tenant IAM. or there be a header variable to determine tenant name.
Isn’t there something to handle this?