Licenses with FINGERPRINT_SCOPE_REQUIRED vs. licenses without, save an API call

[nschloe]

Follow-up on #65 (reply in thread).

I give out licenses with max_machines, and some without. The former require fingerprint scope when validating, and activation as well. The latter don't. I understand there's no way now to distinguish the two licenses in the application, so what I'm doing now is a non-fingerprinted validation, from which I get FINGERPRINT_SCOPE_REQUIRED back for a number of calls, and then check again with fingerprinting enabled.

My application has no way of knowing which is which, right? I thought about giving out prefixed licenses like fp/... and nfp/... and store the information somewhere (?), but that feels rather clumsy.

Any better idea?

[ezekg]

No better ideas outside of a custom license key scheme like you outlined. This isn't a typical scenario so I haven't given much thought to how this would look outside of what is currently possible. But validating without the fingerprint, and then revalidating with the fingerprint on FINGERPRINT_SCOPE_REQUIRED seems like the best approach. That is why that validation code exists, after all.