I would highly suggest Auth0 to follow the NIST’s password guideline. Allow all special characters and emojis rather than limited set of special characters.
In the Password Policy documentation, you are only allowing these special characters !@#$%^&* and the OWASP even the NIST, don’t recommend limiting the special characters.
Thanks for the feedback! The best place to submit this type of information is through a feedback ticket. This is a direct line to our product team, and helps us improve the product. It also allows the product team to contact you if they require more information.
Let me know if you are unable to submit, and I will submit the feedback on your behalf.