I'm not exactly sure what you are doing, but random numbers for authentication needs to be good random numbers, not just any random stuff. As Todd mentioned, it should require CSPRNG. And furthermore, if it's a number used for security/authenticity, it's usually not a good idea to rely on the client when it's meant to be the source of truth. (you're moving the trust from your server to the client!)
Here's a very recommended reading as soon as key/CPSRNG/encryption is involved if you're not sure about all the concepts: What devs need to know about Encoding / Encryption / Hashing / Salting / Stretching
And this gist is a good small refresher gist.github.com/joepie91/7105003c3b26e65efcea63f3…