No, I obviously don’t then. As creating a setup to subscribe to a webhook, pull the CSV data and store it for you to do whatever you like with takes 10 minutes and once setup you can just leave it to do its thing and not have to spend more effort on it. And creating code to get ID’s again is just an API call, it’ll take 10 minutes to write something where you type a list of usernames and it spits out their IDs (this even has the benefit of being able to be used for far more stuff than just extension whitelisting).
If you still want to do whitelist based entirely on username only, and accept the security issues you’re willingly opening yourself up to, you can even do that yourself in the EBS or Client of your extension and just not allow it to be activated by anyone except the list of usernames you provide.