Communicatiion between page and content scrip

I’m migrating my auth. from cookies to tokens, so now when user logins on my server page, I want to copy the secret token into my addon (because I have to include it in all requests).

But I’m not sure how - the postMessage docs says that I should instead do:

Web context scripts can use custom events to communicate with content scripts (with randomly generated event names, if needed, to prevent snooping from the guest page).

Can someone explain it or give me an example? Should my addon create some DOM element and the page would dispatch custom event on it with random name???