我在Drupal 8中创建了一个自定义模块,允许用户使用facebook登录进行身份验证。他们的访问令牌与存储在数据库中的访问令牌进行核对,如果匹配,则对用户进行身份验证,如果没有,则将其重定向到允许他们将Facebook帐户链接到Drupal用户的页面。
登录按钮是:
<button id="login_fb" onclick="logIt()">Log in with Facebook</button>
带有对Drupal控制器的ajax请求的“logit”函数是:
function logIt()
{
FB.login(function(response) {
if (response.authResponse) {
if(response.authResponse.accessToken)
{
var request = $.ajax({
url: "/user/token",
method: "POST",
data: { access_token : response.authResponse.accessToken},
dataType: "json"
});
request.done(function( msg ) {
window.location.replace(msg['redirect_url']);
});
request.fail(function( jqXHR, textStatus ) {
alert( "Request failed: " + textStatus );
});
}
}
}
处理此ajax调用的控制器代码是:
public function token() {
$fb_token = $_POST['access_token'];
$query = db_select('user__field_fb_token', 'u');
$query
->fields('u')
->condition('u.field_fb_token_value', $fb_token,'=');
$res = $query->execute();
$res->allowRowCount = TRUE;
$count = $res->rowCount();
//See if anybody has this access token
if($count > 0)
{
$user = $res->fetchAssoc();
//TODO: Refresh access token and update
$login_id = $user['entity_id'];
//Redirect the user to topics
user_login_finalize(user_load($login_id));
$response_arr = array("status" => "authorised","redirect_url" => "/topics");
}
else
{
$_SESSION['access_token'] = $fb_token;
$response_arr = array("status" => "unauthorised","redirect_url" => "/user/auth","token" => $fb_token);
}
$response = new Response();
$response->setContent(json_encode($response_arr));
$response->headers->set('Content-Type', 'application/json');
return $response;
}
奇怪的是,db_select查询始终返回0,因此不会对具有此令牌的用户帐户进行身份验证。但是替换
$fb_token = $_POST['access_token'];
与
$fb_token = '** hard coded access token **';
产生正确的结果。我已经检查过传入的post变量并且它存在(这就是为什么我通过未经授权的响应传回它以检查它是否为空白。)
我认为它可能与FB.Login方法的异步性质有关,但不确定。
非常感谢任何有关此事的帮助!