Sep 3, 2018 · 1 min read
- in WebSecurityConfig it should be “/auth/**” not “/auth”
- It’s much easier to use BCryptPasswordEncoder instead of yours as it generates salt and saves it into the password, plus it has “match(pwd1, pwd2)” method which is also a nice touch.
but still, great job, I’d love to see the refresh endpoint implemented