Hello,
We’re trialling Auth0 and are using the auth0-nextjs library, and would like to check if anybody knows whether what we are doing with it is safe, please.
We’re obtaining our login session cookie inside a specific app which handles auth via auth0-nextjs and that is all.
Then we have a separate nextjs app with auth0-nextjs, but it only needs to read the session cookie and not request new tokens etc., as that’s handled by our auth app above. We’ve set the client ID and Secret in this app to a random string that means nothing. This is because without this, the withApiAuthRequired helper function does not work. This seems to work fine, but we’re wondering if it’s safe to have withApiAuthRequired working with a random client ID and secret.
We’re using the same domain, and zones for nextjs to achieve this.
Thanks for the support,
J