How to know if user is licensed when making a request to my remote backend from Forge app?

Vladimir Negacevschi
June 11, 2024

I have built a paid Forge Custom UI app with a remote backend resolver. The backend is an Azure Function API. How can I be sure that the request being made to my API is from a paying / licensed user? Doing the check in the frontend/client side isn't good enough, since the JS can be modified by a malicious user.

  1. One way would be if the JWT token (the Forge Invocation Token), that's included in the Authorization Header, contained some information about licensing. However, the token doesn't include any such information in the `app` or `context` claims of the JWT, from what I could see. The only information I saw was `{ "accountType": "licensed" }` in the `context` claim, but I'm not sure if this is reliable.
  2. Another way would be to have access to *both* a Forge function resolver and a Forge remote resolver, so that I can do the license check inside the Forge function (see Forge Custom UI function check), which cannot be changed by a potential malicious user. However, Forge doesn't support 2 resolvers for an app.

Is there a secure way of making sure the requests being made to my Azure Function API are from a licensed user?

0 answers

Deployment type: Cloud
Permissions level: Product Admin
Tags: AUG Leaders