/** * @param User $user * @param int $timestamp * * @return string */ private function getLoginToken(User $user, $timestamp) { $hash = base64_encode(hash_hmac('sha256', sprintf('%d|%s', $timestamp, $user->getId()), sprintf('%s|%s', $user->getPassword(), $this->getParameter('secret')), true)); // URL-friendly hash. return strtr($hash, ['+' => '-', '/' => '_', '=' => '']); }