@BenKoshy I have a complete explanation of how this feature works in another thread in the here:
The basic idea is that the method uses the record id and the name you pass it to generate an encrypted value, that it can then decrypt and compare back with the id. You can even pass it a block with some additional data for verification. This is useful if you want the token to stop working after something changes in the record.