diff --git a/pairent_backend/pairent_app/urls.py b/pairent_backend/pairent_app/urls.py
index 61e21df..55a63df 100644
--- a/pairent_backend/pairent_app/urls.py
+++ b/pairent_backend/pairent_app/urls.py
@@ -12,5 +12,8 @@ urlpatterns = format_suffix_patterns([
     path("apartaments/filters/", views.ApartmentFilter.as_view({'post': 'list'})),
     path("psych_test/add_result/<int:pk>", views.PsychTestAddResultViewSet.as_view({'post': 'create'})), # пример: psych_test/add_result/1/?result=50 result - результат псих теста пользователя
     path("users/get_compatible", views.CompatibleUsersView.as_view({'post': 'list'})),
+
+    # auth
     re_path(r'^auth/vvsu/', views.VVSUAuthProxy),
+    path('auth/user/login', views.UserLogin)
 ])
diff --git a/pairent_backend/pairent_app/views.py b/pairent_backend/pairent_app/views.py
index e773b32..12737d5 100644
--- a/pairent_backend/pairent_app/views.py
+++ b/pairent_backend/pairent_app/views.py
@@ -2,6 +2,7 @@ from rest_framework import viewsets
 from rest_framework.response import Response
 from rest_framework.views import APIView, View
 from rest_framework.request import Request
+from django.views.decorators.csrf import csrf_exempt
 
 from django.http import HttpResponseBadRequest, HttpResponse
 from django.db.models.query import QuerySet
@@ -169,4 +170,8 @@ def VVSUAuthProxy(req: Request):
     resp = HttpResponse(preq.content);
     resp.headers['Content-Type'] = preq.headers['Content-Type'];
 
-    return resp;
\ No newline at end of file
+    return resp;
+
+def UserLogin(req: Request):
+    data = req.data
+    return HttpResponse(data);
diff --git a/pairent_backend/pairent_backend/settings.py b/pairent_backend/pairent_backend/settings.py
index 9a97b53..c9eef6b 100644
--- a/pairent_backend/pairent_backend/settings.py
+++ b/pairent_backend/pairent_backend/settings.py
@@ -65,7 +65,7 @@ REST_FRAMEWORK = {
 }
 
 # Настройка отвечающая, что все могут отправлять запрос на бекенд. УБРАТЬ ПРИ ПРОДАКШЕНЕ! 
-CORS_ORIGIN_ALLOW_ALL = True
+
 
 ROOT_URLCONF = 'pairent_backend.urls'
 
@@ -146,3 +146,17 @@ STATIC_URL = 'src/'
 # https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+# VVSU Auth
+OIDC_CONF = {
+    'client-id': 'it-hub-client',
+    'client-secret': 'U8y@uPVee6Q^*729esHTo4Vd',
+    'authority': "https://vvsu.ru/connect"
+}
+
+# CSRF
+CORS_ORIGIN_ALLOW_ALL = DEBUG
+CSRF_COOKIE_SECURE =    not DEBUG
+CSRF_COOKIE_HTTPONLY =  not DEBUG
+CSRF_TRUSTED_ORIGINS = ['http://pairent.vvsu.ru', 'http://localhost']
+CORS_ORIGIN_WHITELIST = ('http://pairent.vvsu.ru', 'http://localhost')
\ No newline at end of file
diff --git a/pairent_frontend_react/src/API/User.js b/pairent_frontend_react/src/API/User.js
index 4a24dd8..a7ad59f 100644
--- a/pairent_frontend_react/src/API/User.js
+++ b/pairent_frontend_react/src/API/User.js
@@ -16,7 +16,13 @@ class UserLoginResponse {
 
 class User {
     constructor(data) {
-        this = { ...data, ...this };
+        for (const key in data) {
+            this[key] = data[key];
+        }
+    }
+
+    static restoreFromLocalStorage() {
+        
     }
 
     /** @param {string} id */
@@ -34,7 +40,9 @@ class User {
             return;
         }
 
-        const data = await axios.post(api_path('/auth/user/login'), response);
-        
+        const data = await axios.post(api_path('/api/auth/user/login'), response);
+        return data.data;
     }
-}
\ No newline at end of file
+}
+
+export { User, UserLoginResponse }
\ No newline at end of file
diff --git a/pairent_frontend_react/src/components/Header/index.jsx b/pairent_frontend_react/src/components/Header/index.jsx
index b4cceb3..ae882f4 100644
--- a/pairent_frontend_react/src/components/Header/index.jsx
+++ b/pairent_frontend_react/src/components/Header/index.jsx
@@ -6,6 +6,7 @@ import SVGIcon from '../UI/Icon/SVGIcon';
 // import './styles/Header.css';
 
 const HeaderElement = styled.header`
+    min-width: 950px;
     display: flex;
     justify-content: space-between;
     align-items: center;
diff --git a/pairent_frontend_react/src/pages/LoggedIn/index.jsx b/pairent_frontend_react/src/pages/LoggedIn/index.jsx
index 6f3165d..c17409e 100644
--- a/pairent_frontend_react/src/pages/LoggedIn/index.jsx
+++ b/pairent_frontend_react/src/pages/LoggedIn/index.jsx
@@ -1,7 +1,8 @@
 import React from "react";
 import { styled } from "styled-components";
 import { HashLoader } from "react-spinners";
-import { SigninResponse, SigninState, UserManager } from 'oidc-client-ts';
+import { SigninResponse } from 'oidc-client-ts';
+import { User } from "../../API/User";
 import FloatingBox from "../../components/UI/FloatingBox";
 
 import constants from "../../constants";
@@ -31,13 +32,12 @@ export default class LoggedIn extends React.Component {
     constructor(props) {
         super(props);
         this.response = new SigninResponse(new URL(window.location.href).searchParams);
-        this.signin_state = SigninState.fromStorageString(window.localStorage.getItem('oidc_signin_state'));
 
     }
 
     async componentDidMount() {
         if (this.response.error) return;
-        
+        User.login(this.response);
     }
 
     render() {
@@ -47,7 +47,7 @@ export default class LoggedIn extends React.Component {
                     <CenterContainer>
                         <h2>Подождите пожалуйста</h2>
                         <div style={{margin: '36px auto', width:'fit-content'}}>
-                            <HashLoader size='80' color='#0077aa' />
+                            <HashLoader size='80px' color='#0077aa' />
                         </div>
                     </CenterContainer>
                 </div>