It is fine to create a separate application for your client (per client) and share your client’s secret with your customers as long as you:
- Restrict their applications/clients to connections only as required.
- Only give scopes/permissions as required.
- Make sure their applications have NO access to management API otherwise they can do admin tasks on your tenant.
Hope this helps
Regards
Jeff