Use case: Using auth0 to protect internal services, which do not a fixed name (dynamic private IP)
I have a number of devices which are deployed to customer sites. These devices expose a web page which is protected with Auth0.
The IP address of these devices is subject to change, and their network hostname cannot be depended on.
When doing a call back in with Auth0, the error comes up to say that the callback url is not allowed. This is because the resource is a private IP address. This address can be added, but as it may change this is not very useful.
This has not been an issue with other identity providers where a wildcard callback url is permitted.
In this use case, and assuming the risks involved are understood, is it possible to make an exception and allow any callback url in auth0?