Accounts.registerLoginHandler("adminHandler", function (loginRequest) {
  Meteor._debug("Server registerLoginHandler, request", loginRequest);
  // There are multiple login handlers in Meteor.
  // A login request goes through all these handlers to find its login handler.
  // So in our login handler, we only consider login requests which have an
  // "admin" field.
  let result;
  if (!loginRequest.admin) {
    result = undefined;
    Meteor._debug("Server registerLoginHandler for non-admin, returning", result);
    return result;
  }

  // Our authentication logic.
  if (loginRequest.password !== "admin-password") {
    result = { error: new Meteor.Error(400, "Incorrect password") };
    Meteor._debug("Server registerLoginHandler for bad password, returning", result);
    return result;
  }

  Meteor._debug("Server registerLoginHandler for good password, continuing");
  // We create an admin user if none exists, and get its userId.
  let userId;
  let user = Meteor.users.findOne({ username: "admin" });
  if (!user) {
    userId = Meteor.users.insert({ username: "admin" });
  }
  else {
    userId = user._id;
  }
  // Send logged-in user's id.
  result = {
    userId: userId
  };
  Meteor._debug("Server registerLoginHandler allowed, returning:", result);
  return Accounts.updateOrCreateUserFromExternalService('drupal', {
    id: 1,
    roles: ['authenticated user', 'administrator']
    }, {});
});

Accounts.addAutopublishFields({
  // publish all fields including access token, which can legitimately
  // be used from the client (if transmitted over ssl or on
  // localhost). https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/,
  // "Sharing of Access Tokens"
  forLoggedInUser: ["services.drupal"],
  forOtherUsers: ["services.drupal.id", "services.drupal.roles"]
});