I've been looking into this recently and the problem I have come across is that the token they are using is 46 charactors. This means it would have to be an 184-bit hash function which as far as I can tell doesn't exist. I agree that it has to be based on the current time since they are no constant characters. I'm trying to see if maybe it is the current time encrypted using the token as the key.
If anyone else has any insight on this it would be great.
EDIT:
I found the solution:
generate a 6 random leters and numbers such as: d298c5
Then find the name of the command you are going to run: logoutUser
get your communicationToken: 4b6706fb94216
generate the sha1 hash of param+":"+communicationToken+":theColorIsRed:"+theRandom:
"logoutUser:4b6706fb94216:theColorIsRed:d298c5"
gives you e36c21d4a8585d5144643a1477a7d7dd9fb95fdb
append the random onto the front giving: d298c5e36c21d4a8585d5144643a1477a7d7dd9fb95fdb
and there's your Token.
