Don’t use wp_login
hook. Use wp_signon
function instead.
https://developer.wordpress.org/reference/functions/wp_signon/
wp_signon( array $credentials = array(), string|bool $secure_cookie="" )
The credentials is an array that has ‘user_login’, ‘user_password’,
and ‘remember’ indices. If the credentials is not given, then the log
in form will be assumed and used if set.