chore: update facebook sdk and implement limited login

[brainbicycle]

This PR resolves PHIRE-736

Description

• Updates facebooks sdk to version 17 containing a privacy manifest
• This update also came with a big change to the Facebook sdk behavior: Privacy manifests only included in release 17.0.0 with breaking changes facebook/facebook-ios-sdk#2384 - if users are not opted into tracking (all of our users) - Facebook defaults to limited login by default on iOS, this means we no longer can get user data back from graph api but instead need to get it from the jwt that is returned and then validate that jwt on our backend to create a user session.

Depends on backend changes to auth code, draft until then.

Experience

For the user the experience is almost exactly the same except the Facebook domain is limited.facebook.com in the new oauth flow.

Limited Sign in iOS

limited-sign-in.mov

Limited Sign up iOS

limited-sign-up.mov

Classic Sign in Android

android-fb-login.mov

Classic Sign up Android

android-fb-signup.mov

Testing Done

iOS:

• email sign in
• email sign up
• facebook sign in (limited)
• facebook sign up (limited)
• apple sign in
• apple sign up
• google sign in
• google sign up

Android:

• email sign in
• email sign up
• facebook sign in (classic)
• facebook sign up (classic)
• google sign in
• google sign up

Follow-ups

• I am seeing some weird behavior in 3rd party sign up on Android in the case when the user needs to performs some update to their account or sign some agreement before continuing with oauth, for example in emulator I got a flow to update my contact settings in google, this seemed to open a separate chrome window, after completing the artsy app restarted, the account was created successfully. I am 90% sure this is not related to these changes but should be investigated.
• some light refactoring of the auth code to make a bit more readable would be good

PR Checklist

• I have tested my changes on iOS and Android.
• I hid my changes behind a feature flag, or they don't need one.
• I have included screenshots or videos, or I have not changed the UI.
• I have added tests, or my changes don't require any.
• I added an app state migration, or my changes do not require one.
• I have documented any follow-up work that this PR will require, or it does not require any.
• I have added a changelog entry below, or my changes do not require one.

To the reviewers 👀

• I would like at least one of the reviewers to run this PR on the simulator or device.

Changelog updates

Changelog updates

Cross-platform user-facing changes

iOS user-facing changes

• update Facebook sdk and implement limited login - Brian

Android user-facing changes

Dev changes

Need help with something? Have a look at our docs, or get in touch with us.

[ArtsyOpenSource]

This PR contains the following changes:

• iOS user-facing changes (update Facebook sdk and implement limited login - Brian)

Generated by 🚫 dangerJS against f03b8e5

[brainbicycle]

need new dep for decoding jwts from Facebook to get user info

[brainbicycle]

this file just moved some existing helpers from AuthModel the make that file a little easier to read, most already existed a few new ones for limited login.

[brainbicycle]

this method is the major new behavior, on iOS we use the new jwt auth for both sign in and sign up

[brainbicycle]

since Facebook now has 2 different oauth modes this param is necessary to decouple oauth modes from providers on backend

[brainbicycle]

similarly, use oauthMode rather than provider name when choosing params

[brainbicycle]

tangent: we have a bunch of deps explicitly listed in the podfile that we get automatically through the associated node_module deps, this makes it harder to upgrade, we should probably remove from the Podfile.