idToToken

Creates an opaque token that can be safely given to the client. On the server the Identity objects are identified by its id, which stays the same. When referencing an identity from the client, we do not want the client to be able to play any games, thus the actual server-side id and a small amount of metadata is encrypted using server secret key.

We use these tokens for various purposes (identified by TokenType) and always validate that the token we get is actually created for its intended purpose. Also a token may contain expiration time and it can only be used until it expires.