The current webhook validation is lacking in a couple of ways:
// Verify the event by fetching it from Stripe.
return Event::retrieve($event_json->id);
The above does not pass in the current API key, which can lead to false negative.
The module should also provide a way of leveraging stiripe's own webhook verification library, per https://stripe.com/docs/webhooks/signatures.
Pass the API key into Event::retrieve($event_json->id), and provide a way to leverage Stripe's provide webhook verification library.
Needs review
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Added update from https://www.drupal.org/project/stripe_api/issues/3417075 π TypeError: Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher::dispatch(): Argument #1 ($event) must be of type object, string given Needs review as well