Thanks for the feedback!

If you’re absolutely sure that the library which you’re using for UUID v4 generation uses a CSPRNG, then it should be more or less secure to use those UUIDs as, say, session tokens. But when it comes to auth, in particular, I’d rather use signed JWTs and well-known standards like OpenID Connect there.

Andrey Pechkurov

Written by Andrey Pechkurov

Core database engineer at QuestDB. Distributed systems gazer. Node.js contributor. Occasional tech blogger and speaker.
