You are intentionally allowed to use data that would be considered invalid by the spec, both because I cannot be bothered to check and because your server implementation should be able to handle those appropriately. You will be able to enter your token POST endpoint during the next step for further verification.
Return