I'm trying to develop a simple application launcher where the application can only be launched by the launcher, which checks whether the user is authorized to launch the app or not. I can do this online easily by checking the database from the server, but I want the user to launch the apps in both online and offline mode.
I guess I can do this with RSA encryption, where there's a socket between the program and the launcher, so if the private key is valid the program launches, but there's a chance for the user to change the private key since it's stored on his machine.
Server-side: Python with Flask, cryptography and flask_socketio
Client-side (launcher): Electron.js and JavaScript
Is there any better idea or suggestions you might have?
You could use an access token that gets checked, like JWT. For offline mode it could check the expiration time and whether a unique key identifier matches the claims it has. If you go online you could also validate the signature of the token to see that it has not been tampered with.
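The token check described in this answer, as an added example for a Node/Electron launcher (not code from the question or the answer). It goes one step further by verifying the RS256 signature locally, since verification needs only the server's public key; the `mid` claim, the function names and the throwaway key pair are assumptions made for the illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Server side (constructed stand-in): only the server ever holds the private key.
function issueToken(privateKey, claims) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Launcher side: needs only the public key, so the check also works offline.
function checkToken(token, publicKey, machineId, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try { header = fromB64u(h); claims = fromB64u(p); }
  catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm instead of trusting the header (rejects "none" and HS256).
  if (header?.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const sigOk = verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'bad-signature' };
  // Claims are trusted only after the signature check passes.
  if (typeof claims?.exp !== 'number' || nowSec >= claims.exp) return { ok: false, reason: 'expired' };
  if (claims.mid !== machineId) return { ok: false, reason: 'wrong-machine' };
  return { ok: true, claims };
}

// Tamper test helper: edits exp in the stored token but keeps the old signature.
function withEditedExpiry(token, exp) {
  const [h, p, s] = token.split('.');
  return `${h}.${b64u(JSON.stringify({ ...fromB64u(p), exp }))}.${s}`;
}

// Constructed demo data: throwaway key pair, fixed clock, hypothetical `mid` claim.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const NOW = 1700000000;
const token = issueToken(privateKey, { sub: 'user-1', mid: 'machine-A', exp: NOW + 3600 });

console.log(checkToken(token, publicKey, 'machine-A', NOW));
console.log(checkToken(token, publicKey, 'machine-B', NOW));
console.log(checkToken(token, publicKey, 'machine-A', NOW + 3600));
console.log(checkToken(withEditedExpiry(token, NOW + 1e9), publicKey, 'machine-A', NOW + 7200));
```

Offline, `nowSec` comes from the local clock, which the user controls, so short token lifetimes with a refresh whenever the launcher is online limit how far a rolled-back clock can stretch a license.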