Feature: Return an Error for Passwords Exceeding Size Limits
Description: According to the Auth-0 documentation and this community post, passwords exceeding 72 bytes in length are silently truncated. Instead of truncating, it would be more effective to return an error when a password exceeds this length. This approach aligns with the recommendations outlined in the OWASP Authentication Cheat Sheet.
Use-case: For compliance reasons, we need to enforce an upper limit on password length. Since Auth0 does not currently support configuring this limit, we expect that an error should be returned when a password exceeds 72 bytes, rather than silently truncating the password.