NextJS Auth0 SDK - Info about "Not route based" security?

I’m working with the GitHub - auth0/nextjs-auth0: Next.js SDK for signing in with Auth0 package to create authentication on a website. My scenario is that i have “public website” where users can either just be guests, or they can login (like 98% is probably guests). My pages (and APIs) is calling the same endpoints but provide different data based on the user level.

So for example everyone can access /page but if i’m logged in i might get different data compared to if i’m not logged in.

In the examples of GitHub - auth0/nextjs-auth0: Next.js SDK for signing in with Auth0 the only examples provided are where you protect entire routes.

I can of course solve these issues in various ways but i kind of want to know what the recommended approach are?

My plan now is basically to

  • Proxy all API requests via the NextJS api routes.
  • Get the accessToken and send it to the API if it exist, if not well, don’t send it.

Is there any issues with this? Is there any overhead in calling the auth0.getAccessToken method? I know it throws an error if the token doesn’t exist so it may not be intended to be called like that? I mean 99% of the requests will be from not logged in users so might be unnecessary to call that all the time? Should i set my own cookie that just “this user has been logged in, go and see if there is an access token”?

Again, some info and examples of this pretty common scenario would be nice!