Reverse proxying a problematic OAuth2 provider

I’m working with an OAuth2 IDP that requires calls to a different domain depending on the user’s account. The obvious solution (to me) would be to create a reverse proxy for all of the IDP’s domains, differentiating by query parameter (at signup time) or profile metadata (for subsequent logins).

Is there any reason why this would not work? For reference, I’m trying to write a Shopify app that will work for multiple stores, even though its OAuth requires calls to https://{shop} Alternatively, I’m researching whether I can do dynamic redirects with Rules, but I don’t know whether that’s feasible.