---
layout: default
title: Security
nav_order: 13
---
This skeleton uses sessions (cookies) to keep track of the logged-in user.
You could also use the OAuth 2.0 authorization standard in combination with a bearer token or a JSON Web Token (JWT).
lcobucci/jwt is a good library for working with JSON Web Tokens and JSON Web Signatures based on RFC 7519.
Please note that a logout function for tokens is not feasible without giving up the stateless principle: a signed token stays valid until it expires unless the server keeps state (for example a revocation list) to reject it earlier.
It's up to you how you configure the routes and which authentication each of them requires.
Read more:
This section is under construction!
Determine the logged-in user ID:

```php
$userId = $this->auth->getUserId();
```

Check the user role (permission group):

```php
$isAdmin = $this->auth->hasRole(UserRole::ROLE_ADMIN);
```
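The two calls above can be combined into a route-level authorization check so that an action never runs for a request that is not authenticated or lacks the required role. The following is an added example, not code from this skeleton: a PSR-15 middleware for Slim 4 that denies the request with 401 (not logged in) or 403 (logged in, wrong role) and otherwise passes it on. It assumes an `Auth` service exposing the `getUserId()` and `hasRole()` methods shown on this page, with `getUserId()` returning `null` when nobody is logged in, a `UserRole` class holding the role constants, and the `slim/psr7` response implementation; the `App\...` namespaces are placeholders for wherever your project keeps these classes.

```php
<?php

declare(strict_types=1);

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Psr7\Response;

// Assumed application classes (placeholder namespaces): the Auth service
// with getUserId() / hasRole() from this page, and the UserRole constants.
use App\Domain\User\Service\Auth;
use App\Domain\User\Data\UserRole;

/**
 * Denies access unless the session belongs to a logged-in user
 * who holds the required role. Runs before the route action.
 */
final class RequireRoleMiddleware implements MiddlewareInterface
{
    public function __construct(
        private Auth $auth,
        private string $requiredRole
    ) {
    }

    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface {
        // Assumption: getUserId() returns null when no user is logged in.
        // Not authenticated at all -> 401.
        if ($this->auth->getUserId() === null) {
            return $this->deny(401, 'Authentication required');
        }

        // Authenticated but without the role -> 403. The message deliberately
        // does not reveal which role would have been needed.
        if (!$this->auth->hasRole($this->requiredRole)) {
            return $this->deny(403, 'Forbidden');
        }

        // Authorized: continue to the next middleware / the action.
        return $handler->handle($request);
    }

    private function deny(int $status, string $message): ResponseInterface
    {
        $response = new Response($status);
        $response->getBody()->write(json_encode(['error' => $message]));

        return $response->withHeader('Content-Type', 'application/json');
    }
}

// Wiring (e.g. in config/routes.php): attach the check only to the routes
// or route groups that need it, so each route's authentication stays explicit.
//
// $adminOnly = new RequireRoleMiddleware($container->get(Auth::class), UserRole::ROLE_ADMIN);
//
// $app->group('/admin', function (\Slim\Routing\RouteCollectorProxy $group) {
//     $group->get('/users', \App\Action\Admin\UserListAction::class);
// })->add($adminOnly);
```

Because the check lives in middleware rather than inside each action, a newly added admin route cannot accidentally skip it as long as it is registered inside the protected group; routes outside the group remain public, which matches the "per-route authentication" approach described above.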