I have the same problem. I think there is a problem with the authorizationCode from Apple.
In this document Add Sign In with Apple to Native iOS Apps the step 3 does not work.
When I see the /oauth/token endpoint documentation: Authentication API Explorer the code parameter is the value obtained from the call to the /authorize endpoint (Authentication API Explorer). But the authorize endpoint trigger the web based authorization (Universal Authorization).
So the problem is how to get the proper code from /authorize endpoint without triggering the web authorization or how to configure the Apple Sign In in the Auth0 settings to accept the Apple authorizationCode.