What is a security token and security mark in ASP.NET Identity?

I need to know about two features of ASP.NET Identity:

  • Security token. What is it? Is this a temporary password sent to the user by email?
  • Protective stamp. Is there anything else besides security tokens? If so, what is its purpose? How are they different?

Thanks ashilon

+7
1 answer

Trying to answer your questions in order:

  • Tokens are used in Identity in several ways. You can use them to reset the password or confirm the user's email address. Here you create a token specific to the corresponding user, which can be used for these two purposes. They will be sent to the user, for example, as a link to a view that processes the confirmation. You can also rewrite the token by providing it to the user (it is very long), but it is important that you cancel the rewriting during the confirmation process. In general, when you refer to a token in Identity, it means a token to authenticate the user. This is a signed token that is not stored on the server.
  • The security timestamp is used to track changes made to the user profile. It is used for security purposes when changing important user properties, such as changing a password. Usually you do not need to work with the timestamp directly, but if you add the default users in the code approach when seeding the database, you must set the timestamp for security. If you do not, you need to take some steps to use these users manually.

Most of them are mostly handled by Identity itself, but you will need some knowledge if you want to make some adjustments. If you want to dig deeper, Brock Allen's blog is a good resource because the official documentation doesn't contain some important things and usually doesn't work-on-date.

+9
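
The following is an added example, not part of the answer above and not ASP.NET Identity's own code. It is a simplified model of how a signed token that is not stored on the server can still be invalidated: the signature covers the user's current security stamp, so changing the stamp makes every outstanding token fail. The `User` and `TokenModel` types, the demo key and the purpose strings are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical user record; only the two fields the model needs.
class User { public string Id { get; set; } = ""; public string SecurityStamp { get; set; } = ""; }

static class TokenModel
{
    // Constructed demo key, generated per process. A real application keeps key material in a protected store.
    static readonly byte[] Key = NewKey();
    static byte[] NewKey() { var k = new byte[32]; using (var r = RandomNumberGenerator.Create()) r.GetBytes(k); return k; }

    // The MAC covers user id, purpose, expiry and the CURRENT security stamp.
    // Assumes ids and purposes never contain '|', so the fields cannot be confused.
    static byte[] Sign(string userId, string purpose, long expires, string stamp)
    {
        using (var h = new HMACSHA256(Key))
            return h.ComputeHash(Encoding.UTF8.GetBytes($"{userId}|{purpose}|{expires}|{stamp}"));
    }

    public static string Generate(User u, string purpose, TimeSpan lifetime)
    {
        long expires = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        return $"{expires}.{Convert.ToBase64String(Sign(u.Id, purpose, expires, u.SecurityStamp))}";
    }

    // Nothing is looked up in a token table: the server recomputes the MAC from the stored stamp.
    public static bool Validate(User u, string purpose, string token)
    {
        var parts = token.Split('.');
        if (parts.Length != 2 || !long.TryParse(parts[0], out long expires)) return false;
        if (expires < DateTimeOffset.UtcNow.ToUnixTimeSeconds()) return false;
        byte[] given;
        try { given = Convert.FromBase64String(parts[1]); } catch (FormatException) { return false; }
        return CryptographicOperations.FixedTimeEquals(given, Sign(u.Id, purpose, expires, u.SecurityStamp));
    }
}

class Program
{
    static void Main()
    {
        // A user created in code gets an explicit stamp, as the answer advises for seeded users.
        var user = new User { Id = "42", SecurityStamp = Guid.NewGuid().ToString() };
        string token = TokenModel.Generate(user, "ResetPassword", TimeSpan.FromHours(1));
        Console.WriteLine(TokenModel.Validate(user, "ResetPassword", token));     // stamp unchanged
        Console.WriteLine(TokenModel.Validate(user, "EmailConfirmation", token)); // token reused for another purpose
        user.SecurityStamp = Guid.NewGuid().ToString();                           // e.g. the password was changed
        Console.WriteLine(TokenModel.Validate(user, "ResetPassword", token));     // token issued under the old stamp
    }
}
```

Only the first check succeeds; the second and third fail because the purpose and the stamp are part of what was signed.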

Source: https://habr.com/ru/post/1210549/
