While it doesn’t seem like this is likely to change, I want to point out that RFC3986’s definition of an absolute URI allows for * to be part of the absolute URI. Here are the relevant parts of the grammar that allow for it:
absolute-URI = scheme ":" hier-part [ "?" query ]
hier-part = "//" authority path-abempty
/ path-absolute
/ path-rootless
/ path-empty
authority = [ userinfo "@" ] host [ ":" port ]
host = IP-literal / IPv4address / reg-name
reg-name = *( unreserved / pct-encoded / sub-delims )
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
There is a comment in RFC-6749 that the most common name registry mechanism is DNS, but to be pedantic, there is no comment in the OAuth 2.0 spec that URIs using a hostname (instead of IP address) must be resolvable via DNS.
I completely agree wildcards in the hostname can be problematic, e.g., *.com. However something like *.mydomain.com when a user owns mydomain and all its subdomains seems reasonable assuming * in this case only represents a single subdomain (i.e., cannot include .). The rules Auth0 uses seem to be sensible: Subdomain URL Placeholders