How to generate app token

  node.js, question

1 app token is currently used in many places. Please tell me what method is commonly used to generate it, for example: timestamp plus userid plus random string. The general rule is What?

I think it is not safe to store passwords or something in token. although there is encryption, my method is to store random strings. there are two fields in the data table, one is random strings and the other is user id