Once inside your application, you need to make sure that only users that are logged in, have access. This is very easily accomplished by:
\Platform\Accesstoken::validateSession('/login/');
This validate the user session and extends it for a period of time. If the session cannot be validated the user is returned to the given URL.
If you want information about which user is logged in, do this:
\Platform\Accesstoken::getCurrentUserID();
That's it.