diff --git a/pairent_backend/pairent_app/authlib.py b/pairent_backend/pairent_app/authlib.py
index cb281d8..9cf6c72 100644
--- a/pairent_backend/pairent_app/authlib.py
+++ b/pairent_backend/pairent_app/authlib.py
@@ -2,25 +2,13 @@ from rest_framework.request import Request
 from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest
-import ipware as iplib
+from .models import User, AuthToken
+
+import ipware as iplib, time, requests, uuid
 ipware = iplib.IpWare();
 def client_ip(req: HttpRequest):
- return ipware.get_client_ip(req)[0].exploded;
-
-def VVSUAuthProxy(req: HttpRequest):
- proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
-
- preq = requests.request(req.method, proxy, headers={
- 'User-Agent': 'OIDC Client / Pairent',
- 'Origin': 'http://pairent.vvsu.ru',
- 'Referer': 'http://pairent.vvsu.ru'
- });
-
- resp = HttpResponse(preq.content);
- resp.headers['Content-Type'] = preq.headers['Content-Type'];
-
- return resp;
+ return ipware.get_client_ip(req.META)[0].exploded;
 def register(oid, provider_id, name):
 user = User(
@@ -82,7 +70,7 @@ def verify_auth_token(key, ip):
 token.delete();
 return False;
- if (token.expires > time.time()):
+ if (token.expires < time.time()):
 token.delete();
 return False;
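Review bot: In authlib.py, `client_ip` dereferences `[0].exploded` without checking that ipware resolved an address, and `iplib.IpWare()` is constructed with no proxy settings, so the address later handed to `verify_auth_token(key, ip)` may be taken from a forwarding header the client controls. When nothing is resolved the first tuple element is None and the request fails with an AttributeError instead of a clean rejection. I would unpack and guard it, `ip, _ = ipware.get_client_ip(req.META);` then `return ip.exploded if ip else None;`, and pass the deployment's `proxy_count` or `proxy_list` to `IpWare(...)` so only trusted hops are honoured. How `verify_auth_token` uses the address is outside this hunk, so the impact on token binding should be confirmed there. The combined `import ipware as iplib, time, requests, uuid` would also read better as one import per line.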
@@ -92,9 +80,26 @@ def auth_required(func):
 """
 Use authorization for this route.
 """
- def inner(req: HttpRequest):
+ def inner(req: HttpRequest, *args, **kwargs):
+
 if ('Authorization' not in req.headers.keys()):
 return JsonResponse({'error': 'no auth token'});
 if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
 return JsonResponse({'error': 'auth token invalid or expired'});
- func();
\ No newline at end of file
+ func(req, *args, **kwargs);
+
+ return inner;
+
+def rest_auth_required(func):
+ """
+ Use authorization for this restframework view.
+ """
+ def inner(self, req: HttpRequest, *args, **kwargs):
+
+ if ('Authorization' not in req.headers.keys()):
+ return JsonResponse({'error': 'no auth token'});
+ if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
+ return JsonResponse({'error': 'auth token invalid or expired'});
+ func(self, req, *args, **kwargs);
+
+ return inner;
\ No newline at end of file
diff --git a/pairent_backend/pairent_app/migrations/0006_psychtestanswers.py b/pairent_backend/pairent_app/migrations/0006_psychtestanswers.py
index 533007c..e6dbdb6 100644
--- a/pairent_backend/pairent_app/migrations/0006_psychtestanswers.py
+++ b/pairent_backend/pairent_app/migrations/0006_psychtestanswers.py
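Review bot: Both `inner` wrappers in authlib.py call the wrapped view but discard its result (`func(req, *args, **kwargs);` and `func(self, req, *args, **kwargs);`), so an authenticated request returns None and the framework raises instead of sending the view's response. These should be `return func(req, *args, **kwargs);` and `return func(self, req, *args, **kwargs);`. The two rejection paths also answer with the default 200 status; `JsonResponse({'error': 'no auth token'}, status=401)`, and the same for the invalid-token case, lets clients and log-based monitoring tell a failed authentication from a success. The two decorators repeat the same header check, which could live in one private helper, and `functools.wraps(func)` on each `inner` would keep the view's name and docstring.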
@@ -27,7 +27,8 @@ class Migration(migrations.Migration):
 ('tenth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на десятый вопрос')),
 ('eleventh_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на одиннадцатый вопрос')),
 ('twelfth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на двенадцатый вопрос')),
- ('users', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pairent_app.user', verbose_name='Пользователь')),
+ # ('users', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pairent_app.user', verbose_name='Пользователь')),
+ ('user', models.BigIntegerField(verbose_name='ID Пользователя')),
 ],
 )
 ]
diff --git a/pairent_backend/pairent_app/serializer.py b/pairent_backend/pairent_app/serializer.py
index fe05f1e..6a738db 100644
--- a/pairent_backend/pairent_app/serializer.py
+++ b/pairent_backend/pairent_app/serializer.py
@@ -28,7 +28,11 @@ class PsychTestAddResultSerializer(serializers.ModelSerializer):
 class PublicUserSerializer(serializers.ModelSerializer):
 class Meta:
 model = User
- exclude = ('favorites_apartments', 'comparison_apartments')
+ exclude = (
+ 'favorites_apartments',
+ 'comparison_apartments',
+ 'openid_id',
+ )
 class PsychTestReultsSerializer(serializers.ModelSerializer):
 class Meta:
diff --git a/pairent_backend/pairent_app/views.py b/pairent_backend/pairent_app/views.py
index 348a55f..840307c 100644
--- a/pairent_backend/pairent_app/views.py
+++ b/pairent_backend/pairent_app/views.py
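Review bot: The 0006_psychtestanswers.py hunk edits an existing migration in place, so a database that has already applied 0006 keeps the old `users` foreign key while the code now expects a `user` integer column; a new migration would carry the change to existing deployments. Replacing the ForeignKey with `BigIntegerField` also drops the CASCADE link, so test answers are no longer removed when the user row is deleted and nothing rejects an ID that matches no user. If the foreign key cannot be kept, that cleanup and validation have to be done in application code. The commented-out `# ('users', ...)` line is better deleted than left inside the migration.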
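Review bot: `PublicUserSerializer.Meta` in serializer.py still relies on `exclude`, so every field later added to `User` becomes public unless someone remembers to list it here; an explicit `fields = (...)` allowlist of the attributes meant to be public fails closed instead. Separately, the CompatibleUsersView context in the views.py diff of this commit builds its result with `UserSerializer(...)` rather than this serializer. Its definition is not visible here, so it is worth confirming that it does not return `openid_id` to other users.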
@@ -122,29 +122,17 @@ class PsychTestAddResultViewSet(viewsets.ViewSet):
 class CompatibleUsersView(viewsets.ViewSet):
+ @rest_auth_required
 def list(self, req: Request):
 user_data = dict(req.data);
- # TODO: Verify auth
- vvsu_login = user_data['openid'];
-
- # Exclude already viewed users
- exclude = [];
- if ('exclude' in user_data.keys()):
- exclude = user_data['exclude'];
+ token = AuthToken.objects.get(key=req.headers['authorization']);
- try:
- validate_email(vvsu_login);
- except ValidationError:
- return Request({'error': 'bad login'}, 400);
-
- try:
- this_user = User.objects.get(openid_addr=vvsu_login);
- except User.DoesNotExist:
- return Response({'error': 'user not found'}, 404);
+ this_user = User.objects.get(pk=token.user);
+ answers_this_user = None;
 try:
- answers_this_user = PsychTestReultsSerializer(PsychTestAnswers.objects.get(user=this_user)).dict;
+ answers_this_user = PsychTestReultsSerializer(PsychTestAnswers.objects.get(user=this_user.id)).dict;
 except PsychTestAnswers.DoesNotExist:
 return Response({'error': 'answers not found'}, 404);
@@ -160,10 +148,6 @@ class CompatibleUsersView(viewsets.ViewSet):
 if score / 12 * 100 > 30:
 users.append(UserSerializer(User.objects.get(pk=user_answers[0])).data)
- # for user in users_query:
- # if (abs(user.psych_test_result - score) < 20):
- # users.append(PublicUserSerializer(user).data);
-
 return Response(users);
@@ -257,3 +241,17 @@ class UserGet(APIView):
 return JsonResponse(PublicUserSerializer(user).data);
+
+def VVSUAuthProxy(req: HttpRequest):
+ proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
+
+ preq = requests.request(req.method, proxy, headers={
+ 'User-Agent': 'OIDC Client / Pairent',
+ 'Origin': 'http://pairent.vvsu.ru',
+ 'Referer': 'http://pairent.vvsu.ru'
+ });
+
+ resp = HttpResponse(preq.content);
+ resp.headers['Content-Type'] = preq.headers['Content-Type'];
+
+ return resp;
\ No newline at end of file
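Review bot: In `CompatibleUsersView.list` (views.py, first hunk) the two new lookups `AuthToken.objects.get(key=req.headers['authorization'])` and `User.objects.get(pk=token.user)` have no `DoesNotExist` handling, so a token or user removed between the decorator's check and these lines surfaces as a 500. The decorator has already looked the token up, so it could hand the resolved user to the view instead of the view querying by header a second time; failing that, wrap both calls in `try:` / `except (AuthToken.DoesNotExist, User.DoesNotExist):` and return the same rejection the decorator uses. `user_data = dict(req.data);` and `answers_this_user = None;` look unused after this change, as far as the hunk shows. The method body continues outside the hunk.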
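Review bot: `VVSUAuthProxy`, added at the end of views.py, calls `requests.request(...)` without a `timeout`, so a slow upstream can hold a worker indefinitely; adding `timeout=10` (value to be chosen) to that call bounds it. The forwarded path is whatever follows `/api/auth/vvsu` in the client's request and the function sits behind neither auth decorator, so the suffix should be checked against the small set of OIDC endpoints the app actually needs before the outbound request is made. The upstream status is also lost: `HttpResponse(preq.content, status=preq.status_code)` stops upstream errors being reported as 200, and `preq.headers.get('Content-Type')` avoids a KeyError when the header is absent. No `import requests` is visible in the views.py hunks, so confirm it is imported there now that the function has moved.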
diff --git a/pairent_frontend_react/src/API/Tinder.js b/pairent_frontend_react/src/API/Tinder.js
new file mode 100644
index 0000000..1efca8c
--- /dev/null
+++ b/pairent_frontend_react/src/API/Tinder.js
@@ -0,0 +1,18 @@
+import { IAPIObject } from "./IAPIObject";
+import { Client } from './Client';
+
+class Tinder extends IAPIObject {
+ /**
+ *
+ * @param {Client} client Client to use to create requests
+ */
+ constructor(client) {
+ super();
+ this.client = client;
+ this.viewed = [];
+ }
+
+ getCompatible() {
+
+ }
+}
\ No newline at end of file
diff --git a/pairent_frontend_react/src/API/User.js b/pairent_frontend_react/src/API/User.js
index d62bb42..067670e 100644
--- a/pairent_frontend_react/src/API/User.js
+++ b/pairent_frontend_react/src/API/User.js
@@ -2,6 +2,7 @@ import axios from 'axios';
 import constants from '../constants';
 import { IAPIObject } from './IAPIObject';
+import { APIToken } from './APIToken';
 const { API_ROOT, api_path } = constants;
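Review bot: The new `Tinder` class in Tinder.js is never exported and `getCompatible()` has an empty body, so nothing can import or use it yet; either add `export { Tinder };` or mark the method with a `// TODO` that states the request it is meant to send. The JSDoc block on the constructor has an empty description line that should carry a one-line summary of what the class wraps. `this.viewed` is initialised here while the server-side `exclude` handling it would presumably pair with is removed in the views.py diff of this commit, so the two sides should agree on whether already-viewed users are filtered.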