I was thinking of using persona authentication with my android application.
Can someone please enlighten me about what couchbase does with persona? Does the server run some code that responds to a persona request? Does authentication happen at a https://login.persona.org/sign_in? What components would I need to build in Android? I've seen a few classes for iOS like PersonaController which seems to depend on a PersonaControllerDelegate, but I'm very new to Objective c. I'm looking for a basic flow and some pointers on what I'd have to do to make it work.
The client app needs to get a Persona "assertion" (a long opaque base64 string) that it gives to the Replication instance. The replication then sends this assertion to a login URL on the Gateway, which in turn verifies it and then returns a session cookie.
In theory this can be done without using the persona.org website, but it would require writing a bunch of crypto code and I don't think anyone's done that yet. Instead, the client pops up a web view that loads the persona.org login page, and injects some JS that captures the assertion string that comes back with the login confirmation.
On the server side, the gateway sends the assertion to a REST API at persona.org that verifies it and sends back a true/false response. If it gets a true it generates and returns a session cookie.
I don't know if there is an Android equivalent of the Persona login UI that we use in our iOS examples. (I work on iOS, not Android.) The best thing is to ask on our mailing list/Google group at https://groups.google.com/forum/?fromgroups#!forum/mobile-couchbase .
@bmhardy have you implemented the persona login? I wanted to know because I wanted to implement it too.