I have a flutter client app and python backend

My goal is to restrict access if the current app version is outdated basically I’ll have list of allowed versions and with each request flutter will send me apps current version for example 2.11 had a major bug and I don’t want anyone with 2.11 to get responses from my api

I will use firestore and auth sdk on flutter because of its offline support more and I won’t be using backend to process firestore to CRUD and also my backend will be communicating with other micro services as well

So what would be the most ideal approach? have remote config on backend and test the current version I get from flutter app against the remote allowed list versions? The problem with this is even tho I can restrict users access to all the api handled by backend I can not restrict requests made via sdk. So I thought custom claims would be best approach as I can use security rules and only allow versions for example …token.minVersion > 2.11

I’m so confused and I don’t know what would be the most secure and ideal approach