GitLab private repo as Composer package

You definitely should not be doing this. Once you’ve removed the auth.json from your repo, you should also delete or regenerate that token on GitLab.

Generally, if some remote service (i.e. a build process; a server; etc.) needs an API key, an auth token, or some other sensitive information, a good way to deal with that is to set it as an environment variable in that environment, and then have whatever script you’re running that needs access to that key/token/etc. pull it from the environment.

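One way to apply the advice in the reply above, as an added example that is not part of the original post: a build script that reads the token from the environment and hands it to Composer through its `COMPOSER_AUTH` variable, so no auth.json has to exist in the repo. The variable names `GITLAB_TOKEN` and `GITLAB_HOST`, and the function names, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. GITLAB_TOKEN / GITLAB_HOST are assumed variable names that the
# CI system or server sets as protected environment variables.

# Print the JSON that Composer accepts in COMPOSER_AUTH, built from the environment.
build_composer_auth() {
    host="${GITLAB_HOST:-gitlab.com}"
    if [ -z "${GITLAB_TOKEN:-}" ]; then
        echo "GITLAB_TOKEN is not set in this environment" >&2
        return 1
    fi
    # Refuse anything that could break out of the JSON string (quotes, spaces, ...).
    case "$GITLAB_TOKEN$host" in
        *[!A-Za-z0-9._-]*)
            echo "unexpected character in token or host" >&2
            return 1 ;;
    esac
    printf '{"gitlab-token":{"%s":"%s"}}' "$host" "$GITLAB_TOKEN"
}

# Succeeds when auth.json is tracked by git in the given directory.
auth_json_tracked() {
    git -C "${1:-.}" ls-files --error-unmatch auth.json >/dev/null 2>&1
}

# Run the install with credentials taken only from the environment.
composer_install_with_env_auth() {
    if auth_json_tracked .; then
        echo "auth.json is committed; remove it and regenerate the token" >&2
        return 1
    fi
    COMPOSER_AUTH="$(build_composer_auth)" || return 1
    export COMPOSER_AUTH
    composer install --no-interaction
}
```

Call `composer_install_with_env_auth` from the build step; the token then lives only in the CI or server settings and never in the working tree.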