Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java	(revision c6f7486d575c33b8d0eb258135fcb1cf36590e21)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java	(revision b81f586e70cb00f432e8f000256d7c6e13295e7c)
@@ -32,5 +32,4 @@
     // todo: read from config
     private final int accessTokenMaxAge = 900;
-    private final int refreshTokenMaxAge = 10 * 24 * 60 * 60;
     private final AuthService authService;
 
@@ -40,6 +39,5 @@
             HttpServletResponse httpServletResponse){
         try {
-            AuthResponseDto authResponse = authService.registerAndLogIn(authRequestDto);
-            addTokensToResponse(httpServletResponse, authResponse);
+            AuthResponseDto authResponse = authService.registerAndLogIn(httpServletResponse, authRequestDto);
             return ResponseEntity.ok(Map.of(
                     "user", authResponse.userResponseDto(),
@@ -58,6 +56,5 @@
             HttpServletResponse httpServletResponse){
         try {
-            AuthResponseDto authResponse = authService.login(loginRequestDto.username(), loginRequestDto.password());
-            addTokensToResponse(httpServletResponse, authResponse);
+            AuthResponseDto authResponse = authService.login(httpServletResponse, loginRequestDto);
             return ResponseEntity.ok(Map.of(
                     "user", authResponse.userResponseDto(),
@@ -90,5 +87,5 @@
             HttpServletResponse httpServletResponse,
             @CookieValue(name = "refreshToken", required = false) String refreshToken){
-        clearCookies(httpServletResponse, refreshToken);
+        authService.clearCookies(httpServletResponse, refreshToken);
         SecurityContextHolder.clearContext();
         return ResponseEntity.ok(Map.of("message", "Successful log out"));
@@ -112,33 +109,3 @@
     }
 
-    private void clearCookies(HttpServletResponse httpServletResponse, String refreshToken) {
-        if (refreshToken != null){
-            authService.invalidateRefreshToken(refreshToken);
-            Cookie clearCookie = new Cookie("refreshToken", null);
-            clearCookie.setHttpOnly(true);
-            clearCookie.setSecure(false);
-            clearCookie.setPath("/");
-            clearCookie.setMaxAge(0);
-            httpServletResponse.addCookie(clearCookie);
-        }
-
-        Cookie clearAccess = new Cookie("accessToken", null);
-        clearAccess.setHttpOnly(true);
-        clearAccess.setSecure(false);
-        clearAccess.setPath("/");
-        clearAccess.setMaxAge(0);
-        httpServletResponse.addCookie(clearAccess);
-    }
-
-
-    private void addTokensToResponse(HttpServletResponse response, AuthResponseDto authResponse){
-        Cookie refreshCookie = new Cookie("refreshToken", authResponse.refreshToken().getToken());
-        refreshCookie.setSecure(false);
-        refreshCookie.setHttpOnly(true);
-        refreshCookie.setPath("/");
-        refreshCookie.setMaxAge(refreshTokenMaxAge);
-        response.addCookie(refreshCookie);
-
-        authService.addAccessCookieToResponse(response, authResponse.accessToken());
-    }
 }
Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java	(revision c6f7486d575c33b8d0eb258135fcb1cf36590e21)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java	(revision b81f586e70cb00f432e8f000256d7c6e13295e7c)
@@ -1,4 +1,5 @@
 package com.ukim.finki.develop.finkwave.service;
 
+import com.ukim.finki.develop.finkwave.dto.LoginRequestDto;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -27,8 +28,9 @@
     private final RefreshTokenService refreshTokenService;
     private final int accessTokenMaxAge = 900;
+    private final int refreshTokenMaxAge = 10 * 24 * 60 * 60;
 
     // todo: should it be transactional?
 //    @Transactional
-    public AuthResponseDto registerAndLogIn(AuthRequestDto authRequestDto){
+    public AuthResponseDto registerAndLogIn(HttpServletResponse response, AuthRequestDto authRequestDto){
         if (userRepository.findByUsername(authRequestDto.username()).isPresent()){
             throw new RuntimeException("User already exists");
@@ -36,5 +38,5 @@
         User user = new User();
 
-        // todo: builder
+        // todo: builder / private createUser method
         user.setUsername(authRequestDto.username());
         user.setRole(Role.NONADMIN);
@@ -48,19 +50,25 @@
         nonAdminUserRepository.save(nonAdminUser);
         userRepository.save(user);
-        return login(user.getUsername(), authRequestDto.password());
+        // todo: could also be redirect in controller, which one is better?
+        return login(response, new LoginRequestDto(user.getUsername(), authRequestDto.password()));
     }
 
 
-    public AuthResponseDto login(String username, String password){
-        User user = userRepository.findByUsername(username)
+    // todo: dto in arguments or the standalone values?
+    public AuthResponseDto login(HttpServletResponse response, LoginRequestDto loginRequestDto){
+        User user = userRepository.findByUsername(loginRequestDto.username())
                 .orElseThrow(() -> new RuntimeException("Invalid credentials"));
-        if (!passwordEncoder.matches(password, user.getPassword())){
+        if (!passwordEncoder.matches(loginRequestDto.password(), user.getPassword())){
             throw new RuntimeException("Invalid credentials");
         }
 
-        String accessToken = jwtService.generateToken(username, user.getRole().name());
+        String accessToken = jwtService.generateToken(loginRequestDto.username(), user.getRole().name());
         RefreshToken refreshToken = refreshTokenService.createRefreshToken(user);
+
         UserResponseDto userResponseDto = new UserResponseDto(user.getUsername(), user.getRole());
-        return new AuthResponseDto(accessToken, refreshToken, userResponseDto);
+        // todo: dto inside a dto??
+        AuthResponseDto authResponseDto = new AuthResponseDto(accessToken, refreshToken, userResponseDto);
+        addTokensToResponse(response, authResponseDto);
+        return authResponseDto;
     }
 
@@ -94,3 +102,34 @@
         response.addCookie(accessCookie);
     }
+
+    public void clearCookies(HttpServletResponse httpServletResponse, String refreshToken) {
+        if (refreshToken != null){
+            invalidateRefreshToken(refreshToken);
+            Cookie clearCookie = new Cookie("refreshToken", null);
+            clearCookie.setHttpOnly(true);
+            clearCookie.setSecure(false);
+            clearCookie.setPath("/");
+            clearCookie.setMaxAge(0);
+            httpServletResponse.addCookie(clearCookie);
+        }
+
+        Cookie clearAccess = new Cookie("accessToken", null);
+        clearAccess.setHttpOnly(true);
+        clearAccess.setSecure(false);
+        clearAccess.setPath("/");
+        clearAccess.setMaxAge(0);
+        httpServletResponse.addCookie(clearAccess);
+    }
+
+
+    private void addTokensToResponse(HttpServletResponse response, AuthResponseDto authResponse){
+        Cookie refreshCookie = new Cookie("refreshToken", authResponse.refreshToken().getToken());
+        refreshCookie.setSecure(false);
+        refreshCookie.setHttpOnly(true);
+        refreshCookie.setPath("/");
+        refreshCookie.setMaxAge(refreshTokenMaxAge);
+        response.addCookie(refreshCookie);
+
+        addAccessCookieToResponse(response, authResponse.accessToken());
+    }
 }
