Dynamic origin of safari-web-extension and static callback urls

Hi :wave: there

I have a Safari web extension where I am adding login. The problem is that every instance of the extension has a unique extension id (literally, you reinstall the same build and it gets a new UUID), which is in the origin, like safari-web-extension://XXXX-XXXX-…XXXX. And to get back after authentication at Auth0, I need to supply it as redirect_url. And having a wildcard in the origin is not supported by Auth0.

So far I have a nasty workaround: every time before using it as redirect_url, I call my backend with the extension id and add the templated callback URL to the list of allowed ones via an update client request to the Auth0 API. And I need to take care of removing it after some timeout.

Another idea is to redirect to my backend endpoint, but I need to find out how to send the extension id there. As parameterising redirect URLs is not supported by Auth0, it becomes a tricky question. I can only make a backend serving at dynamic subdomains like {extension-id}.my-backend.com and collect redirects like https://XXXX-XXXX-…XXXX.my-backend.com/redirect-for-safari/ there; this is the only supported wildcard at Auth0, but then it is not recommended for production.
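
The backend side of the workaround described in the post above, as an added example that is not part of the original post: it computes the list to send as `callbacks` in the update client request, accepting only a UUID-shaped extension id and dropping temporary entries after a timeout. The callback path, the timeout, the cap and all function names are assumptions.

```javascript
// Added example, not the poster's code. Assumptions: extension ids are UUID-shaped,
// the extension serves its callback page at /callback.html, and a temporary
// entry lives for 10 minutes. All names below are hypothetical.
const SCHEME = 'safari-web-extension://';
const CALLBACK_PATH = '/callback.html';
const TTL_MS = 10 * 60 * 1000;
const MAX_TEMPORARY = 50; // assumed cap so the allow-list cannot grow without bound
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Template the callback URL from a validated id only. The client never
// supplies a full URL, so it cannot register an arbitrary redirect target.
function callbackFor(extensionId) {
  if (typeof extensionId !== 'string' || !UUID_RE.test(extensionId)) {
    throw new Error('extension id is not a UUID');
  }
  return SCHEME + extensionId + CALLBACK_PATH;
}

// current: the "callbacks" array read from the Auth0 client
// leases:  Map of temporary callback URL -> expiry (ms), kept by the backend
// Returns the array to send as "callbacks" in the update client request.
function nextCallbacks(current, leases, extensionId, now) {
  const url = callbackFor(extensionId);
  // Expire old leases first so stale extension origins stop being accepted.
  for (const [leased, expiry] of leases) {
    if (expiry <= now) leases.delete(leased);
  }
  if (!leases.has(url) && leases.size >= MAX_TEMPORARY) {
    throw new Error('too many temporary callbacks');
  }
  leases.set(url, now + TTL_MS);
  // Static entries stay; extension entries survive only with a live lease.
  const staticEntries = current.filter((u) => !u.startsWith(SCHEME));
  return [...staticEntries, ...leases.keys()];
}
```

The endpoint that calls `nextCallbacks` should itself be rate limited, since each call results in a write to the client configuration.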