| ▲ | wrs 5 days ago |
| Did I interpret correctly that this sends a push notification every minute telling your phone to download a new code? If so, that seems like a battery problem… |
|
| ▲ | dom96 5 days ago | parent | next [-] |
| The article mentions they need to be refreshed every week, so I'd guess at most once a week. |
| |
| ▲ | ItsHarper 4 days ago | parent | next [-] | | I think ideally you'd do it maybe every day or so, so that if the user goes offline for a while, or the server you're running goes down or something, the pass will continue to work for at least 6 days. It buys you a lot of time to fix things. | |
| ▲ | wrs 5 days ago | parent | prev [-] | | The RefreshAt is a week, but if the code is actually valid for a week, it's not clear why a simple screenshot of the code didn't work. | | |
| ▲ | bpicolo 5 days ago | parent | next [-] | | It seems like it did work and they didn't want to deal with manually updating it weekly | |
| ▲ | xeromal 5 days ago | parent | prev | next [-] | | I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right? | | |
| ▲ | shermantanktop 5 days ago | parent | next [-] | | Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time. | | |
| ▲ | dwedge 5 days ago | parent [-] | | He said the code from Monday didn't work on Tuesday | | |
| ▲ | valzevul 5 days ago | parent [-] | | Yeah, screenshot on Monday, messed with the app that evening, tried using it Tuesday morning -- dead. I've seen people on PureGym's Twitter successfully refreshing screenshots weekly though, and the API response suggests the same. That being said, I couldn't find a validation endpoint to check if mine got invalidated by something specific (maybe signing out?) or if there's some other magic happening. | | |
| ▲ | dwedge 5 days ago | parent [-] | | I wonder if opening the app invalidated it, and those people who had it working just screenshot once. My gym has a similar system but I realised it's time based and the app functions without Internet. I installed the app onto an old android with no sim, logged in at home over WiFi and it successfully regenerated QRs without data |
|
|
| |
| ▲ | wahnfrieden 5 days ago | parent | prev [-] | | no |
| |
| ▲ | MBCook 5 days ago | parent | prev | next [-] | | Because you’d have to waste the time to take a new screenshot every week, of course. | |
| ▲ | aembleton 4 days ago | parent | prev [-] | | Probably invalidates old tokens when a new one is generated. |
|
|
|
| ▲ | withzombies 5 days ago | parent | prev [-] |
| You can send background push notifications which are delivered when the phone is ready for them. They don't deliver when the phone is low battery or in low battery mode. It's specifically made to reduce battery consumption. Higher priority push notifications require a user visible UI element and ca be delivered regardless of certain low power situations. |
| |
| ▲ | wrs 5 days ago | parent | next [-] | | It sounds like this only helps power consumption after you've already run low on power. Seems like processing frequent notifications would accelerate your progress toward that low power state. | | |
| ▲ | kccqzy 4 days ago | parent [-] | | Yeah but many people turn on Low Power Mode manually every time they unplug or via automation at a high threshold. |
| |
| ▲ | refulgentis 5 days ago | parent | prev [-] | | > Higher priority push notifications require a user visible UI element The QR code for a pass sure sounds like a priority user visible UI element. | | |
| ▲ | jon-wood 4 days ago | parent [-] | | Only if it’s visible, from the sound of it these are background notifications so that the QR code can be ready if you open the pass. |
|
|
