

Redirect from api to web guard

So in my application I have an API setup which allows a foreign application to retrieve data from my Laravel application. This is done by using Laravel Passport with the password grant type.

One of the requirements of this API is allowing the user to connect with my Laravel application and log in here, to view the application in his browser. For this I wrote the following routes in api.php:

Route::group(['middleware' => 'auth:api'], function () {
    Route::get('protocols/list', 'ProtocolsController@getList');

    // Redirecting to frontpage
    Route::group(['middleware' => 'redirect'], function() {
        Route::get('redirect/dashboard', 'RedirectController@getDashboard');
    });

});

Middleware:
        'redirect' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class
        ]

Controller:

class RedirectController extends Controller
{
    private function login()
    {
        $userID = auth()->id();
        $user   = User::find($userID);

        // Manually login the user
        Auth::guard('web')->login($user, true);

        return $user;
    }

    public function getDashboard()
    {
        $user = $this->login();
        
        if ($user) {
            return redirect()->route('admin::dashboard');
        } else {
            return response(['error' => 'could_not_login'], 500);
        }
    }
}

To allow the user to be redirected to my application.

However, when the user gets redirected he gets an Unauthorized message from the auth middleware. This auth middleware looks like the following:

class Authenticate
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if (Auth::guard($guard)->guest()) {
            if ($request->ajax() || $request->wantsJson()) {
                return response('Unauthorized.', 401);
            } else {
                return redirect()->guest('login');
            }
        } elseif (Auth::user()->active === 0) {
            return redirect('/logout');
        }

        return $next($request);
    }
}

Which seems weird, since in the controller above I just logged in the user. After doing some debugging I found out that when the user is being redirected and reaches this middleware, he is only logged in to the api guard and not to the web guard.

Thus I tried the following in my Authenticate middleware:


if (Auth::guard('api')->check()) {
    Auth::guard($guard)->loginUsingId(Auth::guard('api')->user()->id);
}

Which did the trick (although it feels really hacky). Now the user can log in to my Laravel application through the API.

However, I am still curious as to why the

Auth::guard('web')->login($user, true);

did not do the trick? Does anyone have any insight on this, or see what I am doing wrong?
