Well, @konrad.sopala, this is my 
moment of the day. There was a space in the client secret, which is why the request was failing.
Thanks @marcus.baker for the help figuring this out!
For those stumbling upon this issue, please note that this mistake is really easy to make. Here’s what the page looks like in the Google API Console for configuring the credentials:
I edited the Client Secret part of the page to show that there are spaces before and after the client secret in the HTML element. Thus, if you copy-paste that field into the client secret field on the Auth0 side, it will come with spaces at the beginning and end of the string. Apparently I noticed the space at the end of the string and removed it, but I didn’t notice when I pasted it that there was a space at the beginning of the string. Unfortunately (and understandably) this manifests simply as “Unauthorized” so it’s a bit tricky to track down unless you look closely.
Thanks again Marcus and Konrad for helping me with this. I wish for my sake the root cause was something complicated, but in this case it was a good ol’ fashioned typo. So it goes. 