@timbray@hazelweakly I was at at least one hotel last year getting a replacement where they said “as soon as you use this key, your other two will not work” so I know it’s on a few systems. I suppose you could bolt on a max iat memory onto your OAuth system that would reject anything issued prior to the last one seen regardless of exp time