MattV thank you for the quick reply here!
I believe the way this works on the backend, that token is included on links that are considered to be privileged (e.g. giving kudos), and it is checked on the server that it is the same value that is expected.
regarding this: Just to be clear, those are the hidden lia-action-token inputs commonly found on OOB forms? This came to mind because those have often been a culprit when trying to reproduce OOB features in custom components, let's say some kind of OOB form or OOB dropdown menus etc. Concrete example is when we are creating custom topic list views, OOB there is a feature for admins to batch process topics, but we always have to create some ugly workaround to provide an admin view that loads the original OOB component because we can't create a dropdown item to activate batch processing due to it being linked with a lia-action-token. The same then goes for handling batch processed items, OOB the added checkboxes are also linked to a lia-action-token.
If I could use that method to create the token that is found in those hidden inputs, it would allow me to re-create this kind of OOB functionality if the need arises. So it would be valuable to know if that method would generate these kind of tokens.
And if that is the case, the follow up question would be with what kind of string this method would need to be called with to create a valid token the server is going to accept when receiving the payload?
I dug into core code a bit to see where that is used, and it looks like it was included so it could be used in email templates. The only place it's used is in email templates for the reset password link.
It doesn't seem like it will be very useful in Freemarker, but you could try replicating OOB behavior by formulating the link the way it is on the OOB component, and see if it works.
