Regardless of whether you're using React, FastAPI, or something else, I recommend pinning your bcrypt version to 4.3.0, preventing the 2025-09-25 update to 5.0.0 from being applied. I ran into the same problem on an app which was previously stable, which I suspect was caused by some sort of change in default behavior between passlib and bcrypt, and this ended up resolving the issue. Extensive logging and debugging showed that the inputs I had were definitely under 72 bytes, just like your case.

In Python, for example, the requirements.txt file can be changed from:

"bcrypt" to "bcrypt==4.3.0"