Designing an offline-first license system for macOS apps
I’ve been working on Keylight, a licensing layer for macOS apps, and one of the more interesting technical problems has been designing license checks that work both online and offline.

The basic problem sounds simple: “Is this app allowed to run?” But in practice, there are a lot of edge cases:

- What happens if the user bought the app, but is currently offline?
- How long should an offline lease stay valid?
- How do you prevent a license from being copied forever?
- How do you handle device limits without making the app annoying?
- What happens when a subscription expires while the app is offline?
- How do you rotate SDK/API keys without breaking old app versions?
- How much should be checked locally vs on the server?

The approach I’m using is roughly:

- The app validates against the server when online
- The server returns a signed local license lease
- The app can continue working offline for a limited period
- Device activations are tracked server-side
- Renewals, upgrades, and revocations update the next lease
- Old SDK keys can be retired gradually instead of breaking existing builds

It’s a small part of the product, but it has been one of the most interesting engineering decisions so far.

Curious how others would design this. Would you keep most licensing logic server-side, or allow more local verification with signed license files? And for desktop apps, what do you think is a fair offline grace period?

submitted by /u/nicolas1410
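The signed-lease flow the post outlines, as an added example that is not part of the original post and is not Keylight's code: the server signs a lease, and the app verifies it offline with only a public key. Ed25519, the `Lease` field names, the 7-day lease in `main` and the persisted `lastSeen` clock value (used to catch a rolled-back system clock) are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Lease is a hypothetical payload; the field names are assumptions, not Keylight's format.
type Lease struct {
	LicenseID string `json:"license_id"`
	DeviceID  string `json:"device_id"`
	IssuedAt  int64  `json:"issued_at"`  // Unix seconds
	ExpiresAt int64  `json:"expires_at"` // end of the offline period
}

// IssueLease runs on the server: serialize the lease and sign the exact bytes.
func IssueLease(priv ed25519.PrivateKey, l Lease) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(l); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// VerifyLease runs in the app (public key only); lastSeen is the latest clock value the app persisted.
func VerifyLease(pub ed25519.PublicKey, payload, sig []byte, deviceID string, now, lastSeen int64) (*Lease, error) {
	if !ed25519.Verify(pub, payload, sig) {
		return nil, errors.New("bad signature")
	}
	var l Lease
	if err := json.Unmarshal(payload, &l); err != nil {
		return nil, err
	}
	switch {
	case l.DeviceID != deviceID:
		return nil, errors.New("lease bound to another device")
	case now < l.IssuedAt || now < lastSeen:
		return nil, errors.New("clock moved backwards")
	case now >= l.ExpiresAt:
		return nil, errors.New("lease expired, online check required")
	}
	return &l, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	p, s, _ := IssueLease(priv, Lease{"lic-1", "mac-A", 1000, 1000 + 7*86400})
	_, err := VerifyLease(pub, p, s, "mac-A", 2000, 1500)
	fmt.Println("lease accepted:", err == nil)
}
```

Because the signature covers the device ID and expiry, a copied lease file fails on another machine and stops working once the lease runs out; revocation still depends on the next online check.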