I have integrated the Checkout API in my Laravel app and now I am trying to utilize the webhook -> payment.updated so that I can update the subscription status of the user who made the payment, but I cannot access Auth::user(), i.e. the authenticated user on my app.
I have also verified the signature key for the webhook subscriptions.
```php
use Closure;
use Illuminate\Support\Facades\Log;

class SquareWebhookAuthentication
{
    private const NOTIFICATION_URL = 'https://********/payment-plan-webhook'; // Replace with your actual webhook URL
    private const SIGNATURE_KEY = '*************'; // Replace with your actual signature key

    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle($request, Closure $next)
    {
        $receivedSignature = $request->header('x-square-hmacsha256-signature');
        $body = $request->getContent();

        Log::info("user id = ".config('user_id'));

        // Perform your authentication logic here
        if (!$this->isFromSquare($receivedSignature, $body)) {
            return response('Unauthorized', 401);
        } else {
            if (\Auth::check()) {
                Log::info("Check = ".\Auth::user());
            } else {
                Log::info("User = ".\Auth::user());
            }
        }

        return $next($request);
    }

    private function isFromSquare($signature, $body)
    {
        // HMAC-SHA256 over notification URL + raw body, base64-encoded
        $hash = hash_hmac('sha256', self::NOTIFICATION_URL.$body, self::SIGNATURE_KEY, true);
        $expectedSignature = base64_encode($hash);

        // Constant-time comparison; a missing header is cast to '' and fails the check
        return hash_equals($expectedSignature, (string) $signature);
    }
}
```

I have tried almost everything. I think the problem is with persistent sessions or with the Sanctum authentication.
I have also excluded the webhook route from my CSRFToken verification.
```php
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array<int, string>
     */
    protected $except = [
        'payment-plan-webhook'
    ];
}
```
This is the error I get in my log.
[2023-07-05 09:50:55] local.ERROR: Attempt to assign property "subscription_status" on null {"exception":"[object] (Error(code: 0): Attempt to assign property "subscription_status" on null at /home/c2cdox/public_html/app/Http/Controllers/PaymentController.php:43)
The problem is that Webhooks are typically triggered by external services and do not include the user's session or authentication information. Therefore, you won't be able to directly access the authenticated user using Auth::user() within the webhook handler.
You will need to find an alternative way to identify and update the subscription status of the user who made the payment.
You could try to save some sort of transaction id in your database, then in the webhook handler retrieve the user with that transaction id and update the subscription status that way.
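
The lookup suggested above, as an added example in plain PHP that is not part of either post: the webhook is trusted only after the signature check, and the user is then found from an id stored at checkout time rather than from the session. The function name `userForPaymentWebhook`, the `$checkouts` array (standing in for a database table), the URL and the key are constructed for illustration; it assumes the id you stored is the Square order id, which the payment.updated payload carries at `data.object.payment.order_id`.

```php
<?php
declare(strict_types=1);

// Constructed values for this example only.
const NOTIFICATION_URL = 'https://example.test/payment-plan-webhook';
const SIGNATURE_KEY = 'constructed-signature-key';

/** Same check as isFromSquare() in the question, compared in constant time. */
function isFromSquare(string $signature, string $body): bool
{
    $expected = base64_encode(hash_hmac('sha256', NOTIFICATION_URL . $body, SIGNATURE_KEY, true));
    return hash_equals($expected, $signature);
}

/**
 * Returns the id of the user whose subscription should become active, or null.
 * $checkouts stands in for a DB table (order id => user id) that was written
 * while the user was still logged in and the checkout was created.
 */
function userForPaymentWebhook(string $signature, string $body, array $checkouts): ?int
{
    if (!isFromSquare($signature, $body)) {
        return null; // unsigned or tampered request: never touch user data
    }
    $event = json_decode($body, true);
    if (!is_array($event) || ($event['type'] ?? null) !== 'payment.updated') {
        return null; // not the event this handler is for
    }
    $payment = $event['data']['object']['payment'] ?? [];
    if (($payment['status'] ?? null) !== 'COMPLETED') {
        return null; // payment has not finished yet
    }
    return $checkouts[$payment['order_id'] ?? ''] ?? null;
}

// Constructed sample: user 42 started checkout for order "ORDER-123".
$checkouts = ['ORDER-123' => 42];
$body = json_encode(['type' => 'payment.updated', 'data' => ['object' => ['payment' => [
    'id' => 'PAY-1', 'order_id' => 'ORDER-123', 'status' => 'COMPLETED',
]]]]);
$signature = base64_encode(hash_hmac('sha256', NOTIFICATION_URL . $body, SIGNATURE_KEY, true));

var_dump(userForPaymentWebhook($signature, $body, $checkouts));       // correctly signed request
var_dump(userForPaymentWebhook('bad-signature', $body, $checkouts));  // forged signature
```

In the Laravel app the array lookup becomes a query on the column where the order id was saved, and the returned user's `subscription_status` is updated only when the result is not null.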