To be totally nitpicky, it's a 5-tuple, with the protocol also included
The usual worry with doing CGNAT with the range of ports restricted by client is that even for normal (household, small business) use cases, in fact it can easily occur that you have more than 100 connections that can only be differentiated by the selected port on the NAT device.
The typical example is querying a public DNS resolver, such as 8.8.8.8, using UDP, dst port 53. Here the only thing left to discriminate the connections by is the src port selected by the NAT device. Also, with UDP, the connection tracking entry is only evacuated by timeout. Just to add further inconvenience, when connecting to a website in a modern browser, at least three (A, AAAA, HTTPS) queries are done in parallel.
This is in fact why every big manufacturer of these devices suggests 2048 ports per normal residential user when allocating statically. This is also why bulk port allocation (BPA) exists.
Then of course there's endpoint independent NAT, where by its definition, only the source port may be used to provide differentiation, and neither the destination address nor port can be used.
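
An added example, not part of the original post: a toy model of one subscriber's CGNAT port block, counting DNS queries that find no free external port. The class and function names, the 30 s UDP timeout, the rate of one page load every 0.5 s and the second resolver address are assumptions, and every query is taken to come from a fresh internal socket.

```python
from dataclasses import dataclass, field

UDP_TIMEOUT = 30.0  # assumed idle timeout in seconds (sample value, not from the post)

@dataclass
class PortBlockNat:
    """Toy CGNAT state for one subscriber with a fixed external port block."""
    ports: range
    endpoint_independent: bool = False
    table: dict = field(default_factory=dict)  # uniqueness key -> expiry time

    def open_flow(self, now, proto, dst):
        """Map a new flow from a fresh internal socket; None means block exhausted."""
        # UDP entries are only removed once their timeout has passed.
        self.table = {k: exp for k, exp in self.table.items() if exp > now}
        for port in self.ports:
            # Endpoint-dependent: the external port may be reused towards a
            # different destination. Endpoint-independent: it may not.
            key = (proto, port) if self.endpoint_independent else (proto, port, dst)
            if key not in self.table:
                self.table[key] = now + UDP_TIMEOUT
                return port
        return None

def failed_queries(nat, resolvers, page_loads=120, interval=0.5):
    """Each page load sends 3 parallel DNS queries (A, AAAA, HTTPS) over UDP."""
    failed, sent = 0, 0
    for load in range(page_loads):
        for _ in range(3):
            dst = resolvers[sent % len(resolvers)]
            sent += 1
            if nat.open_flow(load * interval, "udp", dst) is None:
                failed += 1
    return failed

GOOGLE = ("8.8.8.8", 53)
OTHER = ("192.0.2.53", 53)  # constructed second resolver (documentation address)

def run():
    block = lambda n, eim=False: PortBlockNat(range(1024, 1024 + n), eim)
    return {
        "100 ports, one resolver": failed_queries(block(100), [GOOGLE]),
        "2048 ports, one resolver": failed_queries(block(2048), [GOOGLE]),
        "100 ports, two resolvers": failed_queries(block(100), [GOOGLE, OTHER]),
        "100 ports, two resolvers, EIM": failed_queries(block(100, True), [GOOGLE, OTHER]),
    }

if __name__ == "__main__":
    for case, failed in run().items():
        print(f"{case}: {failed} of 360 queries had no free port")
```

In this model the 100-port block only copes when the destination can be used to tell flows apart; with a single resolver, or with endpoint-independent mapping, the same block runs out.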