e.g., "https://en.wikipedia.org:22" and "https://user:password@graphite.wikimedia.org" both work (the URL is shortened and the target URL preserves the port number and authentication credentials).
Since URI schemes are normalized to https / http, restricting port to ports 80 and 443 seems like a good idea. Auth credentials should be stripped or rejected as invalid input.