Your statements are aligned with what’s mentioned in the SMTP RFC in relation to the possibility of treating the mailbox local-part as case sensitive.
The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts.
However, the same RFC goes on to add the following:
However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.
As a personal opinion, this seems like a case where the fact that the specification allows us to do something does NOT mean we should do it. Choosing to treat the local-part of the email address as case-sensitive seems to be opening the door for a world of user experience problems. It would be as if your snail mail provider started to not deliver any letter that had your actual name in upper case.
From the Auth0 perspective, at this time, the full email address is generally treated as case insensitive; hence the behavior you’re experiencing. There’s no configuration currently available to change this behavior.