Comment by xeromal
3 months ago
I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right?
3 months ago
I don't know security that well but if the puregym app refreshes the token then the old tokens would expire immediately right?
Nope. As I read it, any token less than a week old would work. So for any user, they have 7 * 24 * 60 tokens live at any time.
He said the code from Monday didn't work on Tuesday
Yeah, screenshot on Monday, messed with the app that evening, tried using it Tuesday morning -- dead.
I've seen people on PureGym's Twitter successfully refreshing screenshots weekly though, and the API response suggests the same.
That being said, I couldn't find a validation endpoint to check if mine got invalidated by something specific (maybe signing out?) or if there's some other magic happening.
1 reply →
no