id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28017	Add option to specify a different secret to PasswordResetTokenGenerator	Jann Haber	Jann Haber	"In the PasswordResetTokenGenerator class, it is very difficult to use a secret different from settings.SECRET_KEY. In Django however, it would be very easy to add an attribute ""secret"" to the class, which defaults to settings.SECRET_KEY and is handed to ""salted_hmac"" in the method ""_make_token_with_timestamp"". 

Currently, one would have to overwrite the _make_token_with_timestamp method, which is not documented and likely to change, or one could misuse modify_settings or override_settings in production.

Our usecase is, that we have a site for our employees and a self-service-site for customers deployed on different servers and with different SECRET_KEYs. Both sites should be able to generate Reset-Links for the self-service site."	New feature	closed	contrib.auth	dev	Normal	fixed			Accepted	1	0	0	0	1	0