← Back to context Comment by dom96 3 months ago The article mentions they need to be refreshed every week, so I'd guess at most once a week. 11 comments dom96 Reply ItsHarper 3 months ago I think ideally you'd do it maybe every day or so, so that if the user goes offline for a while, or the server you're running goes down or something, the pass will continue to work for at least 6 days. It buys you a lot of time to fix things. wrs 3 months ago The RefreshAt is a week, but if the code is actually valid for a week, it's not clear why a simple screenshot of the code didn't work. bpicolo 3 months ago It seems like it did work and they didn't want to deal with manually updating it weekly xeromal 3 months ago I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right? shermantanktop 3 months ago Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time. 3 replies → wahnfrieden 3 months ago no MBCook 3 months ago Because you’d have to waste the time to take a new screenshot every week, of course. aembleton 3 months ago Probably invalidates old tokens when a new one is generated.
ItsHarper 3 months ago I think ideally you'd do it maybe every day or so, so that if the user goes offline for a while, or the server you're running goes down or something, the pass will continue to work for at least 6 days. It buys you a lot of time to fix things.
wrs 3 months ago The RefreshAt is a week, but if the code is actually valid for a week, it's not clear why a simple screenshot of the code didn't work. bpicolo 3 months ago It seems like it did work and they didn't want to deal with manually updating it weekly xeromal 3 months ago I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right? shermantanktop 3 months ago Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time. 3 replies → wahnfrieden 3 months ago no MBCook 3 months ago Because you’d have to waste the time to take a new screenshot every week, of course. aembleton 3 months ago Probably invalidates old tokens when a new one is generated.
bpicolo 3 months ago It seems like it did work and they didn't want to deal with manually updating it weekly
xeromal 3 months ago I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right? shermantanktop 3 months ago Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time. 3 replies → wahnfrieden 3 months ago no
shermantanktop 3 months ago Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time. 3 replies →
MBCook 3 months ago Because you’d have to waste the time to take a new screenshot every week, of course.
I think ideally you'd do it maybe every day or so, so that if the user goes offline for a while, or the server you're running goes down or something, the pass will continue to work for at least 6 days. It buys you a lot of time to fix things.
The RefreshAt is a week, but if the code is actually valid for a week, it's not clear why a simple screenshot of the code didn't work.
It seems like it did work and they didn't want to deal with manually updating it weekly
I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right?
Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time.
3 replies →
no
Because you’d have to waste the time to take a new screenshot every week, of course.
Probably invalidates old tokens when a new one is generated.