@h7 Thanks, this helped, in my case with no need to make the app public. It's still "In Development", but working.
The settings at Facebook for Developers are like the following:
Settings > Basic
Facebook Login > Settings
- [yes] Client OAuth Login
- [yes] Web OAuth Login
- [no] Force Web OAuth Reauthentication
- [yes] Use Strict Mode for Redirect URIs
- [yes] Enforce HTTPS
- [no] Embedded Browser OAuth Login
- Valid OAuth Redirect URIs: https://example.com/community/auth/facebook/callback
- [no] Login from Devices
Well, not sure if all this is needed, but after many tests it's working this way.
There is also the interesting video Facebook SSO for NodeBB - YouTube, which is helpful although not complete.