Hi @mennabah and everyone!
Welcome to the Auth0 Community!
As @felix3 has mentioned in their reply, their approach to the issue at hand is quite valid. This was also confirmed by one of my colleagues, as mentioned here:
This is safe because the Next.js SDK is used for Regular Web Apps (RWA), which are private clients and can securely store secrets, specifically the client_secret. This is completely safe.
We do recommend short-lived access tokens, but be cautious of hitting rate limits. It is possible to cache API Access Tokens, which I’ll link here: Caching Management API Access Tokens in Login Action. This can help with using the same token instead of always getting a new one, and can be done using Actions.
If you have any other questions, feel free to leave a reply or post again on the community!
Kind Regards,
Nik
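
The caching idea from the reply above, as an added example that is not part of the original post and is not Auth0's code: a server-side token cache that reuses one access token until shortly before it expires and sends a single request when several callers need a new token at once. The `createTokenCache` helper, the `store` object (any cache with `get`/`set`), the `fetchToken` function and the `mgmt_api_token` key are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not an Auth0 SDK API).
// `store`      : any object exposing get(key) and set(key, value).
// `fetchToken` : assumed function that performs the client-credentials
//                request and resolves to { access_token, expires_in },
//                with expires_in given in seconds.
function createTokenCache({ store, fetchToken, now = () => Date.now(), skewSeconds = 60 }) {
  const KEY = 'mgmt_api_token'; // constructed cache key
  let inFlight = null;          // shared promise while a refresh is running

  function usable(entry) {
    // Retire the token `skewSeconds` early so it cannot expire mid-request.
    return Boolean(entry) && entry.expiresAt - skewSeconds * 1000 > now();
  }

  async function refresh() {
    const res = await fetchToken();
    if (!res || typeof res.access_token !== 'string' || !(res.expires_in > 0)) {
      // Never cache a malformed response; the next call will retry.
      throw new Error('token endpoint returned an unusable response');
    }
    const entry = { token: res.access_token, expiresAt: now() + res.expires_in * 1000 };
    store.set(KEY, entry);
    return entry.token;
  }

  return async function getToken() {
    const cached = store.get(KEY);
    if (usable(cached)) return cached.token;
    if (!inFlight) {
      // Concurrent callers share this one request instead of each
      // hitting the rate-limited token endpoint.
      inFlight = refresh().finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}
```

The cached entry is a bearer credential, so the store must stay on the server side and out of logs and client responses.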