restored mutation and moved authorization elsewhere

src/bundle/Resources/config/graphql/PlatformMutation.types.yaml

@@ -24,6 +24,14 @@ PlatformMutation:
                     language:
                         type: RepositoryLanguage!
                         description: "The language the content items must be created in"
+            createToken:
+                type: CreatedTokenPayload
+                resolve: '@=mutation("CreateToken", args)'
+                args:
+                    username:
+                        type: String!
+                    password:
+                        type: String!
 
 UploadedFilesPayload:
     type: object
@@ -44,3 +52,13 @@ DeleteContentPayload:
             id:
                 type: ID
                 description: "Global ID"
+
+CreatedTokenPayload:
+    type: object
+    config:
+        fields:
+            token:
+                type: String
+            message:
+                type: String
+                description: "The reason why authentication has failed, if it has"

src/bundle/Resources/config/services/resolvers.yaml

@@ -62,6 +62,10 @@ services:
         tags:
             - { name: overblog_graphql.resolver, alias: "Thumbnail", method: "resolveThumbnail" }
 
+    Ibexa\GraphQL\Mutation\AuthenticationMutation:
+        tags:
+            - { name: overblog_graphql.mutation, alias: "CreateToken", method: "createToken" }
+
     Ibexa\GraphQL\Mutation\UploadFiles:
         arguments:
             $repository: '@ibexa.siteaccessaware.repository'

src/bundle/Resources/config/services/services.yaml

@@ -50,12 +50,3 @@ services:
             $contentLoader: '@Ibexa\GraphQL\DataLoader\ContentLoader'
         tags:
             - { name: ibexa.field_type.image_asset.mapper.strategy, priority: 0 }
-
-    Ibexa\GraphQL\Security\JWTAuthenticator:
-        arguments:
-            $userProvider: '@ibexa.security.user_provider'
-
-    Ibexa\GraphQL\Security\JWTTokenMutationFormatEventSubscriber:
-        tags:
-            - name: kernel.event_subscriber
-              dispatcher: security.event_dispatcher.ibexa_jwt_graphql

src/lib/Mutation/AuthenticationMutation.php

@@ -0,0 +1,54 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\GraphQL\Mutation;
+
+use Ibexa\Contracts\Core\Repository\Exceptions\NotFoundException;
+use Ibexa\Contracts\Core\Repository\UserService;
+use Ibexa\Core\MVC\Symfony\Security\User;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
+use Overblog\GraphQLBundle\Definition\Argument;
+
+final readonly class AuthenticationMutation
+{
+    public function __construct(
+        private JWTTokenManagerInterface $tokenManager,
+        private UserService $userService
+    ) {
+    }
+
+    /**
+     * @return array<string, ?string>
+     *
+     * @throws \Ibexa\Contracts\Core\Repository\Exceptions\NotFoundException
+     */
+    public function createToken(Argument $args): array
+    {
+        $arguments = $args->getArrayCopy();
+        if (!isset($arguments['username'], $arguments['password'])) {
+            return [
+                'message' => 'Missing username or password',
+                'token' => null,
+            ];
+        }
+
+        try {
+            $user = $this->userService->loadUserByLogin($arguments['username']);
+            $this->userService->checkUserCredentials($user, $arguments['password']);
+        } catch (NotFoundException) {
+            return [
+                'message' => 'Wrong username or password',
+                'token' => null,
+            ];
+        }
+
+        return [
+            'token' => $this->tokenManager->create(new User($user)),
+        ];
+    }
+}