diff --git a/authn/authn_http/controller.go b/authn/authn_http/controller.go
index 75b32f7..7ecb3a6 100644
--- a/authn/authn_http/controller.go
+++ b/authn/authn_http/controller.go
@@ -2,24 +2,32 @@ package authn_http
 
 import (
 	"app/authn"
+	"app/user"
 	"net/http"
 	"strings"
 
+	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
 )
 
 type Controller struct {
-	users  authn.UserProvider
-	tokens authn.TokenProvider
+	validator *validator.Validate
+	authUsers authn.UserProvider
+	tokens    authn.TokenProvider
+	users     *user.Service
 }
 
 func NewController(
-	users authn.UserProvider,
+	validator *validator.Validate,
+	authUsers authn.UserProvider,
 	tokens authn.TokenProvider,
+	users *user.Service,
 ) *Controller {
 	return &Controller{
-		users:  users,
-		tokens: tokens,
+		validator: validator,
+		authUsers: authUsers,
+		tokens:    tokens,
+		users:     users,
 	}
 }
 
@@ -65,19 +73,28 @@ func (controller *Controller) RegisterUser(ctx *fiber.Ctx) error {
 	var body EmailAndPasswordBody
 
 	if err := ctx.BodyParser(&body); err != nil {
-		return err
+		return ctx.SendStatus(http.StatusBadRequest)
+	}
+
+	if err := controller.validator.Struct(body); err != nil {
+		return ctx.SendStatus(http.StatusBadRequest)
 	}
 
-	err := controller.users.Create(
+	createdUser, createUserErr := controller.users.CreateUser(ctx.UserContext(), body.Email)
+	if createUserErr != nil {
+		return ctx.SendStatus(http.StatusInternalServerError)
+	}
+
+	createAuthUserErr := controller.authUsers.Create(
 		ctx.UserContext(),
 		body.Email,
 		body.Password,
 	)
-	if err != nil {
-		return err
+	if createAuthUserErr != nil {
+		return createAuthUserErr
 	}
 
-	return ctx.SendStatus(fiber.StatusCreated)
+	return ctx.Status(fiber.StatusCreated).JSON(createdUser)
 }
 
 func (controller *Controller) DeleteUser(ctx *fiber.Ctx) error {
@@ -86,7 +103,7 @@ func (controller *Controller) DeleteUser(ctx *fiber.Ctx) error {
 		return ctx.SendStatus(http.StatusBadRequest)
 	}
 
-	err := controller.users.Delete(ctx.UserContext(), emailToDelete)
+	err := controller.authUsers.Delete(ctx.UserContext(), emailToDelete)
 	if err != nil {
 		return err
 	}
@@ -95,6 +112,6 @@ func (controller *Controller) DeleteUser(ctx *fiber.Ctx) error {
 }
 
 type EmailAndPasswordBody struct {
-	Email    string `json:"email"`
-	Password string `json:"password"`
+	Email    string `json:"email" validate:"required,email"`
+	Password string `json:"password" validate:"required"`
 }
diff --git a/authn/authn_http/controller_test.go b/authn/authn_http/controller_test.go
index 4ad9ba5..f887149 100644
--- a/authn/authn_http/controller_test.go
+++ b/authn/authn_http/controller_test.go
@@ -22,16 +22,24 @@ var _ = Describe("/auth", Ordered, func() {
 	AfterEach(func() { app.RollbackTx() })
 	AfterAll(func() { app.Teardown() })
 
-	Describe("sign up", func() {
+	Describe("register", func() {
 		email := "me@template.com"
 
 		BeforeEach(func() { app.Auth.MustDelete(email) })
 		AfterEach(func() { app.Auth.MustDelete(email) })
 
-		It("returns status 201", func() {
-			err := app.Auth.Register(email, "p455w0rd")
+		It("creates the user", func() {
+			user := app.Auth.MustRegister(email, "p455w0rd")
 
-			Expect(err).NotTo(HaveOccurred())
+			Expect(app.User.Get(user.ID)).To(Equal(user))
+		})
+
+		It("logs in after registration", func() {
+			app.Auth.MustRegister(email, "p455w0rd")
+
+			token, err := app.Auth.Login(email, "p455w0rd")
+			Expect(err).To(BeNil())
+			Expect(token).NotTo(BeNil())
 		})
 	})
 
diff --git a/test/driver/auth.go b/test/driver/auth.go
index bfc12f1..71eab5f 100644
--- a/test/driver/auth.go
+++ b/test/driver/auth.go
@@ -3,6 +3,7 @@ package driver
 import (
 	"app/test/matchers"
 	"app/test/req"
+	"app/user"
 
 	"fmt"
 	"net/http"
@@ -21,6 +22,10 @@ func NewAuthDriver(baseURL string, headers req.Headers) *AuthDriver {
 	return &AuthDriver{url: baseURL, headers: headers}
 }
 
+func (driver *AuthDriver) SetToken(token oauth2.Token) {
+	driver.headers.Set("Authorization", fmt.Sprintf("%s %s", token.TokenType, token.AccessToken))
+}
+
 func (driver *AuthDriver) Login(email string, password string) (oauth2.Token, error) {
 	var token oauth2.Token
 	return token, makeJSONRequest(params{
@@ -38,27 +43,27 @@ func (driver *AuthDriver) Login(email string, password string) (oauth2.Token, er
 
 func (driver *AuthDriver) MustLogin(email string, password string) oauth2.Token {
 	token := matchers.Must2(driver.Login(email, password))
-	driver.headers.Set("Authorization", fmt.Sprintf("%s %s", token.TokenType, token.AccessToken))
+	driver.SetToken(token)
 	return token
 }
 
-func (driver *AuthDriver) Register(email string, password string) error {
-	_, err := makeRequest(
-		http.StatusCreated,
-		func() (*http.Response, error) {
+func (driver *AuthDriver) Register(email string, password string) (user.User, error) {
+	var user user.User
+	return user, makeJSONRequest(params{
+		into:   &user,
+		status: http.StatusCreated,
+		req: func() (*http.Response, error) {
 			return req.Post(
 				driver.url+"/auth/register",
 				req.MergeHeaders(driver.headers, req.Headers{"Content-Type": "application/json"}),
 				strings.NewReader(fmt.Sprintf(`{"email":%q,"password":%q}`, email, password)),
 			)
 		},
-	)
-
-	return err
+	})
 }
 
-func (driver *AuthDriver) MustRegister(email string, password string) {
-	matchers.Must(driver.Register(email, password))
+func (driver *AuthDriver) MustRegister(email string, password string) user.User {
+	return matchers.Must2(driver.Register(email, password))
 }
 
 func (driver *AuthDriver) UserInfo() (map[string]string, error) {