shrugs
They can’t do much without your Client Secret but I do see your point.
However I did do a check,
Seems you can set it to 127.0.0.1 or at least “works for me”
And works fine for me with a brand new clientID
using 127.0.0.1:3000 in my example
And using yours