Firstly, thank you for your great reply.
The approach to 1 seems going down the microservice rabbit hole! But I do understand the principle stated.
With regards to 3, I think a user would expect if they logged in as ‘IamUserA’, connected facebook, changed username to ‘IamUserB’ then would expect to use the latter with the password authentication method?
That said, I had a discussion with a friend who uses Auth0 in a commercial environment, and convinced me the best approach is to manage the username aspect in my own custom database alongside the Auth0 service which has proven successful.