Once inside your application, you need to make sure that only users that are logged in, have access. This is very easily accomplished by:

\Platform\Accesstoken::validateSession('/login/');

This validate the user session and extends it for a period of time. If the session cannot be validated the user is returned to the given URL.

If you want information about which user is logged in, do this:

\Platform\Accesstoken::getCurrentUserID();

That's it.