diff --git a/app/User/UseCases/AuthenticateUser.php b/app/User/UseCases/AuthenticateUser.php
new file mode 100644
index 0000000..56281b1
--- /dev/null
+++ b/app/User/UseCases/AuthenticateUser.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace App\User\UseCases;
+
+use App\Exceptions\BadRequestException;
+use App\Exceptions\UnauthorizedException;
+use App\User\User;
+use App\User\UserRepository;
+use App\ValueObjects\EmailAddress;
+
+class AuthenticateUser
+{
+    public function __construct(
+        private UserRepository $userRepo,
+    ) {}
+
+    /**
+     * @throws BadRequestException
+     * @throws UnauthorizedException
+     */
+    public function execute(AuthenticateUserRequest $request): User
+    {
+        if ($request->email === null) {
+            throw new BadRequestException('email is required');
+        }
+
+        if ($request->password === null) {
+            throw new BadRequestException('password is required');
+        }
+
+        $user = $this->userRepo->findByEmail(
+            new EmailAddress($request->email)
+        );
+        if ($user === null) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        $passwordMatches = password_verify(
+            $request->password,
+            $user->getPasswordHash()
+        );
+        if (!$passwordMatches) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        return $user;
+    }
+}