diff --git a/odex25_mobile/odex_web_app/__manifest__.py b/odex25_mobile/odex_web_app/__manifest__.py
index 32032bd71..1f175239b 100644
--- a/odex25_mobile/odex_web_app/__manifest__.py
+++ b/odex25_mobile/odex_web_app/__manifest__.py
@@ -11,6 +11,7 @@
         'python': ['jwt', ],
     },
     'data': [
+        'security/ir.model.access.csv',
         'views/attendance_zone_config_view.xml',
         'views/hr_employee_view.xml',
     ],
diff --git a/odex25_mobile/odex_web_app/controllers/authentication.py b/odex25_mobile/odex_web_app/controllers/authentication.py
index a1b8f5942..3f55f224b 100644
--- a/odex25_mobile/odex_web_app/controllers/authentication.py
+++ b/odex25_mobile/odex_web_app/controllers/authentication.py
@@ -31,7 +31,7 @@ class AuthenticationController(http.Controller):
             return http_helper.response(code=400, message=_('Device id is missing'), success=False)
 
         # check fcm_token
-        if not kw.get('fcm_token'):
+        if not kw.get('fcm_token') and not kw.get('fcm_token_web'):
             return http_helper.response(code=400, message=_('FCM Token is missing'), success=False)
 
         user = request.env['res.users'].sudo().search([('login', '=', login)], limit=1)
@@ -51,8 +51,12 @@ class AuthenticationController(http.Controller):
             employee.sudo().write({'device_id': kw.get('device_id')})
 
         # write fcm_token and fcm_token_web in employee
-        if employee and (kw.get('fcm_token') or kw.get('fcm_token_web')):
-            employee.sudo().write({'fcm_token': kw.get('fcm_token'), 'fcm_token_web': kw.get('fcm_token_web')})
+        fcm_token = kw.get('fcm_token') or kw.get('fcm_token_web')
+        if employee and fcm_token:
+            if 'fcm_token' in employee.fields_get():
+                employee.sudo().write({'fcm_token': fcm_token})
+            elif 'fcm_token_web' in employee.fields_get():
+                employee.sudo().write({'fcm_token_web': fcm_token})
 
         dic['token'] = token
         http_helper.cleanup();
diff --git a/odex25_mobile/odex_web_app/models/__init__.py b/odex25_mobile/odex_web_app/models/__init__.py
index 519a9c2cc..87567c3ab 100644
--- a/odex25_mobile/odex_web_app/models/__init__.py
+++ b/odex25_mobile/odex_web_app/models/__init__.py
@@ -2,3 +2,4 @@ from . import hr_employee
 from . import attendence_zone_config
 from . import mail_thread
 from . import access_token
+from . import res_users
diff --git a/odex25_mobile/odex_web_app/models/hr_employee.py b/odex25_mobile/odex_web_app/models/hr_employee.py
index 6bebb9c58..c46dff3e4 100644
--- a/odex25_mobile/odex_web_app/models/hr_employee.py
+++ b/odex25_mobile/odex_web_app/models/hr_employee.py
@@ -10,6 +10,7 @@ import json, requests
 class HrEmployee(models.Model):
     _inherit = 'hr.employee'
 
+    device_id = fields.Char(string="Employee Device ")
     fcm_token_web = fields.Char(string='FCM Web Token')
 
 
diff --git a/odex25_mobile/odex_web_app/models/res_users.py b/odex25_mobile/odex_web_app/models/res_users.py
new file mode 100644
index 000000000..973f79683
--- /dev/null
+++ b/odex25_mobile/odex_web_app/models/res_users.py
@@ -0,0 +1,99 @@
+import werkzeug
+
+from odoo.exceptions import AccessDenied
+from odoo import api, models, fields, SUPERUSER_ID
+
+import logging
+
+_logger = logging.getLogger(__name__)
+
+from ..validator import validator
+
+
+class Users(models.Model):
+    _inherit = "res.users"
+
+    access_token_ids = fields.One2many(
+        string="Access Tokens",
+        comodel_name="jwt_provider.access_token",
+        inverse_name="user_id",
+    )
+
+    avatar = fields.Char(compute="_compute_avatar")
+    # is_verified = fields.Boolean("Verified" , default=False)
+
+    @classmethod
+    def _login(cls, db, login, password, user_agent_env):
+        user_id = super(Users, cls)._login(
+            db, login, password, user_agent_env=user_agent_env
+        )
+        if user_id:
+            return user_id
+        uid = validator.verify(password)
+        return uid
+
+    @api.model
+    def check_credentials(self, password):
+        try:
+            super(Users, self).check_credentials(password)
+        except AccessDenied:
+            # verify password as token
+            if not validator.verify(password):
+                raise
+
+    @api.depends("image_1024")
+    def _compute_avatar(self):
+        base = self.env["ir.config_parameter"].sudo().get_param("web.base.url")
+        for u in self:
+            u.avatar = werkzeug.urls.url_join(base, "rest_api/web/avatar/%d" % u.id)
+
+    # @api.multi
+    def to_dict(self, single=False):
+        res = []
+        for u in self:
+            d = u.read(["email", "name", "avatar", "mobile", "phone", "partner_id"])[0]
+            d["user_id"] = self.id
+            d["partner_id"] = self.partner_id.id
+            d["lang"] = self.partner_id.lang
+            groups = self.user_groups()
+            d["groups"] = groups
+            employee = (
+                self.env["hr.employee"]
+                .sudo()
+                .search([("user_id", "=", self.id)], limit=1)
+            )
+            # attendance_status = validator.get_attendance_check(employee)
+            d["job"] = employee.job_id.name if employee and employee.job_id else None
+            d["employe_id"] = employee.id if employee and employee.id else None
+            # d["attendance_status"] = attendance_status if attendance_status else None
+
+            res.append(d)
+
+        return res[0] if single else res
+
+    def user_groups(self):
+        groups = []
+        if self.has_group("base.group_user"):
+            groups.append("group_user")
+        if self.has_group("hr_base.group_division_manager"):
+            groups.append("group_division_manager")
+        if self.has_group("hr.group_hr_manager"):
+            groups.append("group_hr_manager")
+        if self.has_group("hr_base.group_executive_manager"):
+            groups.append("group_executive_manager")
+        if self.has_group("hr_loans_salary_advance.group_loan_user"):
+            groups.append("group_loan_user")
+        if self.has_group("hr_base.group_general_manager"):
+            groups.append("group_general_manager")
+        if self.has_group("hr_base.group_account_manager"):
+            groups.append("group_account_manager")
+        if self.has_group("hr.group_hr_user"):
+            groups.append("group_hr_user")
+        if self.has_group("hr_timesheet.group_timesheet_manager"):
+            groups.append("group_timesheet_manager")
+        if self.has_group("hr_holidays.group_hr_holidays_user"):
+            groups.append("group_hr_holidays_user")
+        if self.has_group("hr_base.group_department_manager"):
+            groups.append("group_department_manager")
+
+        return groups
diff --git a/odex25_mobile/odex_web_app/security/ir.model.access.csv b/odex25_mobile/odex_web_app/security/ir.model.access.csv
new file mode 100644
index 000000000..4a82f77dc
--- /dev/null
+++ b/odex25_mobile/odex_web_app/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_jwt_access_token,Read.jwt.access.token,model_jwt_provider_access_token,,1,0,0,0