The generateSignedToken
method uses the signToken
method on a token generated by generateToken
(as you can see in the source on github). The documentation says about the signToken method (Documentation of play.libs.Crypto):
Sign a token. This produces a new token, that has this token signed with a nonce. This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.