code-snippets

If you&#8217;ve configured your WPGraphQL settings to &#8220;Limit the execution of GraphQL operations to authenticated requests&#8221;, this will block all root operations unless the user making the request is already authenticated. If you&#8217;re using a GraphQL mutation to authenticate, such as the one provided by WPGraphQL JWT Authentication, you might want to allow the <code>login</code> mutation to still be executable by public users, even if the rest of the API is restricted. This snippet allows you to &#8220;allow&#8221; the login mutation when all other root operations are restricted. 



<pre class="wp-block-code lang-php"><code>add_filter( 
 'graphql_require_authentication_allowed_fields', 
 function( $allowed ) {
	$allowed[] = 'login';
	return $allowed;
}, 10, 1 );</code></pre>