I got a chance to work on Auth0 signup API. the weird thing i found is that when i hit the API even without providing the Bearer token in header it still working fine. This is strange, vulnerable and unexpected behavior. Please report this to your developer team asap.
@konrad.sopala
Thanks a lot for that! Passing the info right away to our product team.