Yes, for a C11N Constellation app, an OAuth 2.0 Client Registration is required, but creating a random one is not sufficient. The client registration must be the one associated with the C11N application, and its credentials must be referenced by the app’s authentication/profile setup so the runtime can obtain an access token before DX API calls are made.
After creation, verify the client registration is correctly linked to the app/access group, regenerate the secret if the app was imported, and confirm the authentication profile/endpoints are pointing to that registration. If this wiring is wrong, the /token call may never happen and DX API requests will fail with 401.