have their own custom domain for their instance, hosting an auth server. If someone wants to develop an app to talk to my service, they would have to register it with the instance of every user, which is impossible. Am I missing something? 2/2
Doesn't have to be a top level domain, just a URL. Both users and apps are identified by URLs.
I do think there's value in just client IDs being URLs in some cases, demonstrated by the fact that Home Assistant picked out just that part of the spec for their OAuth API.