Problem statement: Does Auth0 enforce a limit on the length of a user’s password? The Create User API does not seem to validate password length.
Solution: Although the API doesn’t explicitly reject requests for longer passwords, Auth0 will ignore differences after 72 chars in order to protect against potential DoS attacks.
Resources 
: