Q1: it doesn’t (yet) work with the New ULP (though it’s been added to the product backlog as feature request, no ETD). Therefore my previously linked thread doesn’t apply, neither do the callback URLs help here.
Q2: see the approach here, it’s an example referring to the auth0.js / authorize method:
Pass the plan infos like this and read them out in the Rule again (and store them as app_metadata).