
Auth middleware redirect to login, even if previous middleware logged in the user

Hello, I am pretty new to Laravel and I don't know a lot of things about it. So I am probably asking something that shouldn't be done. If it is, tell me!

I am currently creating a website project that includes three websites (but more than four in the future). Actually, I am building a showcase website, a dashboard and an authentication website, all in the same project but with different sub-domains. I do it in the same project in order to reduce the maintainability problems between the different projects, but also in order to have a perfect integration with my IDE and between the different assets of the site. But I do plan to create various Composer packages in the future, when these projects get bigger.

I digress from the basic problem, but this small explanation is necessary to better understand my situation. Because of this architecture, I can't simply use Laravel Passport in order to connect users on the different websites, because it works with only one website. So, I decided to use Laravel Fortify, and to create my own cross-website connection system that works with session tokens.

Here is a basic explanation of my system:

  1. When the user goes to a protected website, he is redirected to the login website with the intended URL as a query parameter.
  2. When he has successfully logged in, he is redirected to this intended URL with a unique session token as a query parameter.
  3. The destination website checks this token and logs in the associated user if it's all good. To do that, I made my own middleware named 'AuthenticateThroughtSessionAccessTokenMiddleware'.

In theory, it works. But I am having trouble with the Laravel built-in auth guard. In fact, the auth guard redirects the user to the login page, even if my custom middleware successfully authenticated the user. If I remove Auth and I manually create the redirect URL to the authentication site with the proper redirect query parameter, it works. Here is my middleware group:

'secure' => [
    'web',
    AuthenticateThroughtSessionAccessTokenMiddleware::class,
    'auth'
]

And just in case, here is the code of this custom middleware:

use App\Models\SessionAccessToken; // assumed namespace of the poster's model
use Carbon\Carbon;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class AuthenticateThroughtSessionAccessTokenMiddleware
{
    public function handle(Request $request, Closure $next): Response
    {
        if ($request->has('session_access_token')) {
            // Look up a token that has not expired yet
            $sessionAccessToken = SessionAccessToken::where('token', $request->input('session_access_token'))
                ->where('expires_at', '>=', Carbon::now())
                ->first();

            if ($sessionAccessToken) {
                $storedSession = $sessionAccessToken->session;
                // The token is bound to the client that obtained it on the login site
                if ($storedSession->user_agent === $request->userAgent() && $storedSession->ip_address === $request->ip()) {
                    // Expire the token immediately so it is single-use
                    $sessionAccessToken->expires_at = Carbon::now();
                    $sessionAccessToken->save();

                    // Switch this request to the session created on the login site
                    $request->session()->setId($storedSession->id);
                    $request->session()->start();

                    // Rebuild the URL without the session_access_token query parameter
                    // (a plain string replace would leave a dangling '?' or '&')
                    $query = $request->query();
                    unset($query['session_access_token']);
                    $url = $request->url() . ($query ? '?' . http_build_query($query) : '');

                    return redirect($url);
                }
            }
        }
        return $next($request);
    }
}

I don't know how to fix that, or how to do that correctly. I heard about guards but I don't know if they can be useful here, if I have to create one to do that, or anything like that. :/

Thank you in advance for your help!

0 likes
0 replies
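The token hand-off described in the post (steps 1 to 3), as an added framework-free example that is not the poster's code and not part of Laravel: it models the destination-site check as a plain PHP function so the single-use, expiry and client-binding rules can be run and inspected on their own. The names `TokenStore`, `TokenRecord`, `validateAndConsume` and `stripQueryParam` are assumptions made for this example, and the token record and URL below are constructed sample data (PHP 8 assumed).

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. A token issued by the login site and
// presented once on the destination site. Field names are assumptions.
final class TokenRecord
{
    public function __construct(
        public string $token,
        public int $userId,
        public string $userAgent,
        public string $ipAddress,
        public int $expiresAt,        // unix timestamp
        public bool $consumed = false, // set the first time the token is accepted
    ) {}
}

final class TokenStore
{
    /** @var array<string, TokenRecord> keyed by token value */
    private array $records = [];

    public function add(TokenRecord $record): void
    {
        $this->records[$record->token] = $record;
    }

    // Compare in constant time so the lookup does not leak how much of the
    // presented token matched a stored one.
    public function find(string $candidate): ?TokenRecord
    {
        foreach ($this->records as $stored => $record) {
            if (hash_equals($stored, $candidate)) {
                return $record;
            }
        }
        return null;
    }
}

// Returns the user id to authenticate, or null if the token must be refused.
// Mirrors the post's checks: not expired, same user agent and IP as the
// client that obtained it, and usable exactly once.
function validateAndConsume(TokenStore $store, string $token, string $ua, string $ip, int $now): ?int
{
    $record = $store->find($token);
    if ($record === null || $record->consumed || $record->expiresAt < $now) {
        return null;
    }
    if (!hash_equals($record->userAgent, $ua) || !hash_equals($record->ipAddress, $ip)) {
        return null;
    }
    $record->consumed = true; // burn the token before reporting success
    return $record->userId;
}

// Rebuild a URL without one query parameter, keeping the other parameters
// and never leaving a dangling '?' or '&'.
function stripQueryParam(string $url, string $name): string
{
    $parts = parse_url($url);
    $query = [];
    parse_str($parts['query'] ?? '', $query);
    unset($query[$name]);
    $rebuilt = ($parts['scheme'] ?? 'https') . '://' . ($parts['host'] ?? '')
        . (isset($parts['port']) ? ':' . $parts['port'] : '')
        . ($parts['path'] ?? '/');
    if ($query !== []) {
        $rebuilt .= '?' . http_build_query($query);
    }
    return $rebuilt;
}

// Constructed sample run.
$store = new TokenStore();
$store->add(new TokenRecord('tok_constructed_abc123', 42, 'Mozilla/5.0 (example)', '203.0.113.7', 1_700_000_060));
$now = 1_700_000_000;

// Same token, different client: refused.
var_dump(validateAndConsume($store, 'tok_constructed_abc123', 'curl/8.0', '203.0.113.7', $now));
// Matching client, unexpired, first use: accepted.
var_dump(validateAndConsume($store, 'tok_constructed_abc123', 'Mozilla/5.0 (example)', '203.0.113.7', $now));
// Exact replay of the accepted request: refused, the token was consumed.
var_dump(validateAndConsume($store, 'tok_constructed_abc123', 'Mozilla/5.0 (example)', '203.0.113.7', $now));
// Remove the token from the intended URL before redirecting.
echo stripQueryParam('https://dashboard.example.test/reports?page=2&session_access_token=tok_constructed_abc123', 'session_access_token'), PHP_EOL;
```

Two design choices worth noting: the function hands back a user id rather than a session id, so that a caller can authenticate through the framework's own guard (in Laravel, `Auth::login($user)`), keeping the guard and the session in step instead of swapping session ids underneath it; and the token is marked consumed before success is reported, so a second request carrying the same token is refused even when it arrives within the same second. The user-agent and IP binding is a heuristic only: clients behind a shared NAT present the same address, and user agents change across browser updates, so it narrows replay but does not replace the single-use check.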
