A note describing that the sptoken parameter will be on the query string for form POSTs, instead of in the POST body (which the JSON-only example implies)
The second form field (passwordAgain)
Validation check that the first and second fields match - I think we explicitly want to always check this locally before sending off to the server?
This is currently how Express works (and others I believe).
I think this section is missing:
sptokenparameter will be on the query string for form POSTs, instead of in the POST body (which the JSON-only example implies)passwordAgain)This is currently how Express works (and others I believe).