@h7 Thanks, this helped, in my case with no need to make the app public. It's still "In Development", but working.
The settings at Facebook for Developers are like the following:
Settings > Basic
Display Name: Example Community Login
App Domains: example.com
Contact Email: [email protected]
Category: Some category
Site URL: https://example.com/community/
Facebook Login > Settings
[yes] Client OAuth Login
[yes] Web OAuth Login
[no] Force Web OAuth Reauthentication
[yes] Use Strict Mode for Redirect URIs
[yes] Enforce HTTPS
[no] Embedded Browser OAuth Login
Valid OAuth Redirect URIs: https://example.com/community/auth/facebook/callback
[no] Login from Devices
Well, not sure if all this is needed, but after many tests it's working this way.
There is also the interesting video Facebook SSO for NodeBB - YouTube, which is helpful although not complete.