How might you go about writing your own token privoder in your CMS?

Here's a simple example in PHP using JWT tokens - you'd only need to implement `getLoggedInCmsUser()`

```php
<?php
	use ReallySimpleJWT\Token; //  composer require rbdwllr/reallysimplejwt
	require 'vendor/autoload.php';
	$secret = 'sec!ReT123&'; // CHANGE THIS ^^

	function getLoggedInCmsUser() {
		return 'example'; // TODO implement (this bit will depend on your CMS)
	}

	if (isset($_GET['validate'])) { // validate an incoming request from the backend
		$valid = Token::validate($_GET['validate'], $secret);
		http_response_code($valid ? 200 : 403);
		echo $valid ? 'valid' : 'invalid'; // for humans
	} else { // generate a new access token based on the CMS logged in user
		$user = getLoggedInCmsUser();
		if ($user) {
			$expiration = time() + 3600;
			$token = Token::create($user, $secret, $expiration, 'cms');
			header('Content-Type: text/plain');
			echo $token;
		} else {
			http_response_code(401);
		}
	}
```

This example works with the [anuraStatusCodeTokenVerifier](/anura/backend#anura-1-token-verifier)