@h7 Thanks, this helped, in my case with no need to make the app public. It's still "In Development", but working.
The settings at Facebook for Developers are like the following:
Settings > Basic
Display Name: Example Community Login App Domains: example.com Contact Email: [email protected] Privacy Policy URL: https://example.com/privacy/ Category: Some category Site URL: https://example.com/community/Facebook Login > Settings
[yes] Client OAuth Login [yes] Web OAuth Login [no] Force Web OAuth Reauthentication [yes] Use Strict Mode for Redirect URIs [yes] Enforce HTTPS [no] Embedded Browser OAuth Login Valid OAuth Redirect URIs: https://example.com/community/auth/facebook/callback [no] Login from DevicesWell, not sure if all this is needed, but after many tests it's working this way.
There is also the interesting video Facebook SSO for NodeBB - YouTube, which is helpful although not complete.