if ($user->getToken() === $token) {
            // check token lifetime
            $tokenGeneratedAt = $user->getTokenGeneratedAt();
            $tokenLivedTime = time() - strtotime($tokenGeneratedAt);