Keyforge
All posts

How to use JWTs to create an offline licensing system

Nicholas Affonso

October 25, 2025

How to use JWTs to create an offline licensing system

Many types of applications often need to work offline, for example, desktop apps. With Keyforge, you can securely verify license keys without an active internet connection by using JSON Web Tokens (JWTs) as signed license tokens.

This guide explains how JWTs make offline license validation possible and how to integrate them into your product using Keyforge.

Understanding JWTs

A JWT is a small, signed data object that can be verified without calling a server. It's made of three parts: a header, payload, and signature. It can be validated using a public key.

In Keyforge, the JWT acts as a license token containing license details (key, product, expiration) and device info. Because it's cryptographically signed, your app can verify it offline.

Implementing offline licensing

Step 1: Configure license tokens

In the dashboard, create a license token configuration for your product.

Step 2: Retrieve the initial license token

When a user activates a license, request the first token via the license activation API:

curl -X POST https://keyforge.dev/api/v1/public/licenses/activate \
  -H "Content-Type: application/json" \
  -d '{
    "licenseKey": "ABCDE-ABCDE-ABCDE-ABCDE-ABCDE",
    "deviceIdentifier": "some_device_id",
    "deviceName": "My device",
    "productId": "p_123456"
  }'

If successful, the response includes a signed token JWT. Store it locally, for example, in device storage.

Step 3: Verify the token locally

Use any JWT library to verify the token. You only need the public key from the Keyforge dashboard.

Make sure to check the following claims:

  • exp: ensure it hasn't expired.
  • product.id: matches the current product.
  • device.identifier: matches the device in use.

Verify the token at app startup or on a fixed schedule. Don't require re-activation immediately if the token has expired.

Step 4: Refresh the token

Tokens expire periodically. Use the license token API to renew them before they do:

curl -X POST https://keyforge.dev/api/v1/public/licenses/token \
  -H "Content-Type: application/json" \
  -d '{
    "licenseKey": "ABCDE-ABCDE-ABCDE-ABCDE-ABCDE",
    "deviceIdentifier": "some_device_id",
    "productId": "p_123456"
  }'

This returns a new signed token, simply replace the old one in storage.

Because the JWT is signed with the private key, your app can verify it using the public key without exposing any secrets.

Why JWTs work well for offline licensing

JSON Web Tokens offer several advantages for offline license validation:

  • Secure: Cryptographically signed and verifiable without a server.
  • Portable: Works in any language with JWT support.
  • Offline-friendly: Verification runs entirely on the client.

Conclusion

Using JWTs for offline licensing gives you a secure and flexible way to validate software licenses without constant connectivity. By combining tokens with Keyforge's licensing features, you can ensure your app stays secured even when users go offline.

For a more detailed guide, including SDK usage, API references, and code examples, visit the Keyforge documentation.

Simplify your licensing process

Focus on building your product and let us handle licensing. Generate license keys via Stripe and offer your customers a smooth self-serve experience.

Get Started