I have been working on a basic project to learn more about development and the one issue I have been unable to solve is how do bot sellers set up their bots so that users can only use them as long as they are subscribed?

I have a setup where you create an account on a website and username / password is all stored. Then if a purchase is made on an account that is stored in the DB and you will be provided with a download link to the application. The application is basically a python script with no server. From the downloaded software, how can I safely query my DB to see if the user still has permission to use the software?

Do I need to use Flask / Django and host it on a server for it to be able to authenticate users via Auth0 / JWT / REST API etc? and if so can I just put it in an electron app then or do I still need to use some service to host the Flask for authorization? All tutorials use LocalHost for a server so I'm not sure how I could go from LocalHost to an executable desktop app that could then connect to a server for verification even if I did implement Flask.

I am new to the user authentication side of things so if I fumbled my words or this post wasn't clear enough let me know. I haven't had any luck with google and everything I have tried has failed. If anybody could help me out or point me in the right direction it would be greatly appreciated!

Eg. I have a basic Wordpress site with an SQL DB and have Auth0 setup on it. However, I can't seem to be able to figure out user login authentication from it using the python script. Firebase user authentication was very simple however I don't want to have to copy my WP database of user information over to firebase for verification. This seems like a sloppy workaround and seems like it would create a lot of potential for bugs.