I am trying to implement reset password feature in Spring Boot.
When user forgets its password, a link with generated token is sent to his email. Token is used to verify user that is changing password. I am storing that token in token column of user table in database. My question is what is the best practise for saving user token? Is it better to create another table for token to store both token and timestamp so I can check if it is expired or should I just keep it as column in user table?

User Entity:

@Data
@Entity
@Table(name = "user")
public class User {
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Id
    @Column(name = "user_id")
    private Integer userId;
    @Basic
    @Column(name = "first_name")
    private String firstName;
    @Basic
    @Column(name = "last_name")
    private String lastName;
    @Basic
    @Column(name = "username")
    private String username;
    @Basic
    @Column(name = "password")
    private String password;
    @Basic
    @Column(name = "email")
    private String email;

    @Basic
    @Column(name = "token")
    private String token;
    ...
  }