The extended attribute with the UUID is named com.apple.application-instance and put into the application. You read it in Xojo with our ExtendedAttributesMBS.GetRawAttribute plugin function. When you sign the app, you zip the app to an archive. Next you add an "._name.app" file to the archive with the name of your app containing the encoded metadata with extended attributes. We got such a file with zipping an application with the extended attribute using ditto command line tool. Than we extracted the metadata file from the archive without applying it. Than we add this file now with the application zip without compression, so one dummy UUID is there without compressing. On the website, you would have a php script to replace the given UUID in the zip archive with whatever UUID you need for the user.
In short the idea is to have the zip on the server. When someone loads it, you switch the UUID to the new one. Than you let the user download, run the app within minutes and auto login them for their account. A seamless experience for the user!
And the great thing: Changing the UUID in com.apple.application-instance extended attribute will not break the code signing as you can read in TN2206.