The reason Facebook send those messages is that they are trying to ensure that there are no insecure loopholes that could leave them, their apps, or their users vulnerable to exploit.
That said, Auth0 can still be used. Please make sure you adhere to FB’s updated security requirements, particularly WRT to Allowed Callbacks (requiring https).
For additional information, see: