@h7 Thanks, this helped, in my case with no need to make the app public. It's still "In Development", but working.
The settings at Facebook for Developers are like the following:
Facebook Login > Settings[yes] Client OAuth Login [yes] Web OAuth Login [no] Force Web OAuth Reauthentication [yes] Use Strict Mode for Redirect URIs [yes] Enforce HTTPS [no] Embedded Browser OAuth Login Valid OAuth Redirect URIs: https://example.com/community/auth/facebook/callback [no] Login from Devices
Well, not sure if all this is needed, but after many tests it's working this way.
There is also the interesting video Facebook SSO for NodeBB - YouTube, which is helpful although not complete.