Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mdupor's avatar

Laravel auth user on webhook

I am having trouble with authenticated user in my Laravel/Vue app. Once you log in, you can choose to make a purchase via Stripe which leads you off the page, and returns back upon payment.

Just to make sure, I've made an endpoint:

Route::get('test', function(){
    return Auth::user();
});

And before and after Stripe, when I hit it, I do get back the user. So authentication is in order.

What happens though is that Stripe upon payment event makes a webhook callback to my route:

Route::post('api/stripe/checkout-session-completed', 'StripeController@checkoutSessionCompleted');

Inside a hook, event is fired which should propagate number of credits purchased to the user who made the purchase, however I am always getting that Auth::user() is not defined.

use Illuminate\Support\Facades\Auth;
...

public function checkoutSessionCompleted()
{
    ...
    $this->handleCheckout($session); // this is Stripe session object
    ...
}

private function handleCheckout($session)
{
    ...
    event(new PaymentSuccessful($payment, Auth::user()));
    ...
}

Was this supposed to happen? It looks as if a new session is made on every POST request to that route. How can I get the currently auth user if not like this?

0 likes
4 replies
kalemdzievski's avatar

Not 100% sure, but I think you can't use Auth::user() in the webhook since its not the same session.

Is there any unique identifier in the webhook payload that u can find the user with? For example customer_id or something like that?

mdupor's avatar

Well Stripe does offer adding metadata to their session object, so I could put it there, but I was worried whether that is the good way to go, and given the fact that I would like to implement Paypal as well, I don't know whether I'll be able to "hack" that to work like that as well

kalemdzievski's avatar

I don't wanna limit you since I am not 100% sure, but personally i would go with finding the user with some unique identifier provided from stripe. You should have that information, I think it wascustomer_id or stripe_id with Stripe.

ladislavszolik's avatar

Hello @mdupor I had similar challenge with other payment provider. (I am using Laravel v8.x). What I did, I re authenticated the user. Here is how it works for me:

  • Before redirecting the user to the provider, I generate a unique reference number, which I send with the POST. request.
  • I am receiving the unique reference number back from the provider,
  • I validate the message
  • I read the booking from the DB using the reference number
  • Using the booking to get the user id
  • finally with Auth, I re log in the user

Auth::loginUsingId($userID);

Hope it helps.

Please or to participate in this conversation.