by default your code can only accessed on the serverside when in app router. So if you dont expose it with 'use client', everything is fine. And then its normal auth however you want to handle it: custom auth, better-auth, next-auth, ...

not following tbh

i know that but its sort of running around my question / the tricky problelm

its the same like when using a db inside your app: when you try to import it into client components, then it throws an error, as it cant access the .env variables ([see here](https://nextjs.org/docs/app/guides/authentication#3-create-a-user-or-check-user-credentials)).

If you think about the connection between your app and bigquery and that its currently insecure, then you should check the docs from big query on how to auth with a token or basic auth or other auth types to connect to your big query.
But the principle stays the same: use it on your serverside and if you want to fetch big query to display it on the client, then build an api route, that your client fetches or directly fetch during SSR.

My answer is currently longer than your whole provided information. If this is still not what you needed, then provide more info on what you really want to do, so we can help you better

@Russian Bluecan you provide more info?

hey im all good now, thank you very much!

sounds great. Please mark solution[:](https://cdn.discordapp.com/attachments/1043615796787683408/1117191182133501962/image.png?ex=699cbade&is=699b695e&hm=44e6485dbba81e4449d9f25b3e44c41f53614b8758102e8d2b2baf26244801fb&)