diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 4acc223..d828e43 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -52,7 +52,7 @@ security:
 json_login:
 check_path: api_login
 username_path: email
- success_handler: lexik_jwt_authentication.handler.authentication_success
+ success_handler: App\Security\JWTAuthenticator
 failure_handler: lexik_jwt_authentication.handler.authentication_failure
 login_throttling:
 limiter: app.login_rate_limiter
diff --git a/src/Security/JWTAuthenticator.php b/src/Security/JWTAuthenticator.php
new file mode 100644
index 0000000..f19e2c0
--- /dev/null
+++ b/src/Security/JWTAuthenticator.php
@@ -0,0 +1,66 @@
+handleAuthenticationSuccess($token->getUser());
+ }
+
+ public function handleAuthenticationSuccess(UserInterface $user, $jwt = null): Response
+ {
+ if (($user instanceof User) && !$user->isVerified()) {
+ throw new AccessDeniedHttpException('This user has not yet validated their email address.');
+ }
+
+ if (null === $jwt) {
+ $jwt = $this->jwtManager->create($user);
+ }
+
+ $jwtCookies = [];
+ foreach ($this->cookieProviders as $cookieProvider) {
+ $jwtCookies[] = $cookieProvider->createCookie($jwt);
+ }
+
+ $response = new JWTAuthenticationSuccessResponse($jwt, [], $jwtCookies);
+ $event = new AuthenticationSuccessEvent(['token' => $jwt], $user, $response);
+
+ $this->dispatcher->dispatch($event, Events::AUTHENTICATION_SUCCESS);
+ $responseData = $event->getData();
+
+ if ($jwtCookies && $this->removeTokenFromBodyWhenCookiesUsed) {
+ unset($responseData['token']);
+ }
+
+ if ($responseData) {
+ $response->setData($responseData);
+ } else {
+ $response->setStatusCode(Response::HTTP_NO_CONTENT);
+ }
+
+ return $response;
+ }
+}
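Review bot: The service is wired as `success_handler: App\Security\JWTAuthenticator`, but in Symfony's security component "authenticator" names an AuthenticatorInterface implementation, whereas this service is an authentication success handler; a name such as `App\Security\JWTAuthenticationSuccessHandler` would avoid the confusion when reading the firewall config. Using the FQCN as the service id also relies on the class being autowired and autoconfigured as a service, which this diff does not show.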
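Review bot: The verified-email guard at the top of handleAuthenticationSuccess runs after Symfony has already accepted the credentials — as far as I can tell from the authenticator manager's ordering, the authenticated token is stored in the token storage before a success handler is invoked — so an unverified user is rejected with a 403 raised through the kernel's exception handling instead of a 401 from the configured failure_handler, and on a stateful firewall the token may still be persisted to the session on kernel.response. The idiomatic place for this check is a `UserCheckerInterface` whose checkPreAuth throws `throw new CustomUserMessageAccountStatusException('This user has not yet validated their email address.');`, wired to the firewall's user_checker option; that fails authentication before any token exists, lets Lexik's failure handler build the response, and makes the guard in this method unnecessary. The `$jwt` parameter is untyped — `?string $jwt = null` would be clearer, unless this class extends Lexik's AuthenticationSuccessHandler, in which case the signature has to stay compatible with the parent. The start of this hunk (the class declaration, the constructor, and the method whose tail is the first visible line) is not visible as extracted, so I cannot confirm how jwtManager, cookieProviders, dispatcher and removeTokenFromBodyWhenCookiesUsed are injected.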