| ▲ | dom96 5 days ago |
| The article mentions they need to be refreshed every week, so I'd guess at most once a week. |
|
| ▲ | ItsHarper 4 days ago | parent | next [-] |
| I think ideally you'd do it maybe every day or so, so that if the user goes offline for a while, or the server you're running goes down or something, the pass will continue to work for at least 6 days. It buys you a lot of time to fix things. |
|
| ▲ | wrs 5 days ago | parent | prev [-] |
| The RefreshAt is a week, but if the code is actually valid for a week, it's not clear why a simple screenshot of the code didn't work. |
| |
| ▲ | bpicolo 5 days ago | parent | next [-] | | It seems like it did work and they didn't want to deal with manually updating it weekly | |
| ▲ | xeromal 5 days ago | parent | prev | next [-] | | I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right? | | |
| ▲ | shermantanktop 5 days ago | parent | next [-] | | Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time. | | |
| ▲ | dwedge 5 days ago | parent [-] | | He said the code from Monday didn't work on Tuesday | | |
| ▲ | valzevul 5 days ago | parent [-] | | Yeah, screenshot on Monday, messed with the app that evening, tried using it Tuesday morning -- dead. I've seen people on PureGym's Twitter successfully refreshing screenshots weekly though, and the API response suggests the same. That being said, I couldn't find a validation endpoint to check if mine got invalidated by something specific (maybe signing out?) or if there's some other magic happening. | | |
| ▲ | dwedge 5 days ago | parent [-] | | I wonder if opening the app invalidated it, and those people who had it working just screenshot once. My gym has a similar system but I realised it's time based and the app functions without Internet. I installed the app onto an old android with no sim, logged in at home over WiFi and it successfully regenerated QRs without data |
|
|
| |
| ▲ | wahnfrieden 5 days ago | parent | prev [-] | | no |
| |
| ▲ | MBCook 5 days ago | parent | prev | next [-] | | Because you’d have to waste the time to take a new screenshot every week, of course. | |
| ▲ | aembleton 4 days ago | parent | prev [-] | | Probably invalidates old tokens when a new one is generated. |
|
