Should the generation method of password-reset-tokens be kept secret?

Çağlar Arlı

Is it, in any way, insecure for a service to reveal the generation method of its password-reset-tokens?

I think that Kerckhoffs's principle is applicable here, stating that

a cryptosystem should be secure, even if everything about the system, except the key, is public knowledge.

I think this would mean that in the case of password-reset-tokens, if you must keep the generation method a secret for it to remain secure, then it isn’t really secure.
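A reset-token scheme whose generation method is fully public, added here as an example that is not part of the question: the only secret is the 256-bit random token value, the server keeps just a hash of it, and each token is single-use and time-limited. The ResetTokenStore class, the 15-minute TTL and the in-memory table are assumptions of this example.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple

TOKEN_BYTES = 32         # 256 bits from the OS CSPRNG; the method is public, the value is the secret
TOKEN_TTL_SECONDS = 900  # assumed lifetime of a reset link: 15 minutes


def token_digest(token: str) -> str:
    """Persist only a hash so a leaked table does not hand out live tokens."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class ResetTokenStore:
    """In-memory stand-in for the token table (constructed for this example)."""

    def __init__(self) -> None:
        # digest -> (user_id, expires_at)
        self._rows: Dict[str, Tuple[int, float]] = {}

    def issue(self, user_id: int, now: Optional[float] = None) -> str:
        """Create a token for user_id and return the plaintext to send once."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(TOKEN_BYTES)  # 43 URL-safe chars
        self._rows[token_digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
        return token  # the plaintext is never stored server-side

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[int]:
        """Return the user id for a valid token and consume it; None otherwise."""
        now = time.time() if now is None else now
        # Knowing the algorithm gains nothing: a forger must still guess 256
        # random bits. pop() makes the token single-use even on an expired hit.
        row = self._rows.pop(token_digest(token), None)
        if row is None:
            return None
        user_id, expires_at = row
        if now > expires_at:
            return None
        return user_id


if __name__ == "__main__":
    store = ResetTokenStore()
    t = store.issue(42)
    print(store.redeem(t))  # 42
    print(store.redeem(t))  # None, the token was consumed
```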