diff --git a/backend/account/serializers.py b/backend/account/serializers.py index fb47e54..7a82d81 100644 --- a/backend/account/serializers.py +++ b/backend/account/serializers.py @@ -1,9 +1,12 @@ from .models import * from rest_framework import serializers +from rest_framework_simplejwt.serializers import TokenObtainPairSerializer - - - +class CustomTokenObtainPairSerializer(TokenObtainPairSerializer): + otp = serializers.CharField(required=False) + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + del self.fields['password'] class ProfileSerializer(serializers.ModelSerializer): class Meta: model = User diff --git a/backend/account/urls.py b/backend/account/urls.py index 106fe30..8d04a97 100644 --- a/backend/account/urls.py +++ b/backend/account/urls.py @@ -3,10 +3,10 @@ from . import views urlpatterns = [ path('profile', views.ProfileView.as_view()), + path('send_otp', views.SendOTPView.as_view(), name='send-otp-view'), path('address/create', views.CreateAddressView.as_view(), name='create-address'), path('address/edit/', views.EditAddressView.as_view(), name='edit-address'), path('address/delete/', views.DeleteAddressView.as_view(), name='delete-address'), path('address/list', views.GetUserAddressesView.as_view(), name='list-addresses'), path('address/', views.GetIDUserAddressView.as_view(), name='get-ID-address'), - ] \ No newline at end of file diff --git a/backend/account/views.py b/backend/account/views.py index 15323f3..5c963a1 100644 --- a/backend/account/views.py +++ b/backend/account/views.py 
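Review bot: `CustomTokenObtainPairSerializer` deletes the `password` field in `__init__` but keeps the parent's `validate()`, which in simplejwt reads `attrs["password"]`, so any caller that runs `is_valid()` on this serializer would most likely hit a `KeyError` instead of an authentication decision. It also declares `otp` as `required=False`, while the view in `backend/account/views.py` rejects a missing code, so the generated schema and the real contract disagree. I would declare it as `otp = serializers.CharField(required=True, write_only=True)` and override `validate()` to look up the user by phone and perform the OTP check. The view could then call the serializer rather than reading `request.data` directly, leaving one place where the credential is verified.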
@@ -2,9 +2,69 @@ from django.shortcuts import render from rest_framework.views import APIView from rest_framework import generics, permissions, status from rest_framework.response import Response -from .serializers import ProfileSerializer, UserAddressSerializer -from .models import UserAddressModel -from rest_framework.permissions import IsAuthenticated +from .serializers import ProfileSerializer, UserAddressSerializer, CustomTokenObtainPairSerializer +from .models import UserAddressModel, User +from rest_framework.permissions import IsAuthenticated, AllowAny +from drf_spectacular.utils import extend_schema, OpenApiParameter +from rest_framework_simplejwt.views import TokenObtainPairView +from django.shortcuts import get_object_or_404 +from rest_framework_simplejwt.tokens import RefreshToken +class SendOTPView(APIView): + permission_classes = [AllowAny] + @extend_schema( + request={ + "application/json": { + "type": "object", + "properties": { + "phone": {"type": "string", "example": "09123456789"}, + }, + "required": ["phone"], + } + }, + ) + def post(self, request): + phone = request.data.get('phone') + try: + user, created = User.objects.get_or_create(phone=phone) + print(created) + print(user.phone) + user.set_otp() + message = f"کد یک بار مصرف : {user.otp}" + print(message) + # send otp + return Response({'detail': 'OTP sent successfully'}, status=status.HTTP_200_OK) + + except User.DoesNotExist: + return Response({'detail': 'User not found'}, status=status.HTTP_404_NOT_FOUND) + + +class CustomTokenObtainPairView(TokenObtainPairView): + serializer_class = CustomTokenObtainPairSerializer + # @extend_schema( + # tags=["Authentication"] + # ) + def post(self, request, *args, **kwargs): + phone = request.data.get("phone") + otp = request.data.get("otp") + user = get_object_or_404(User, phone=phone) + if user: + if not otp: + return Response({'detail': 'کد یک بار مصرف ضروری میباشد'}, status=status.HTTP_401_UNAUTHORIZED) + if not user.verify_otp(otp): + return 
Response({'detail': 'کد یک بار مصرف منقضی شده یا اشتباه است'}, status=status.HTTP_401_UNAUTHORIZED) + + user.clear_otp() + refresh = RefreshToken.for_user(user) + return Response({ + 'refresh': str(refresh), + 'access': str(refresh.access_token), + }) + + return Response({'detail': 'Invalid credentials'}, status=status.HTTP_401_UNAUTHORIZED) + + + + class ProfileView(APIView): serializer_class = ProfileSerializer permission_classes = [IsAuthenticated] diff --git a/backend/core/settings.py b/backend/core/settings.py index 0af70f0..208fcdd 100644 --- a/backend/core/settings.py +++ b/backend/core/settings.py @@ -92,7 +92,6 @@ INSTALLED_APPS = [ 'rest_framework_simplejwt', 'rest_framework_simplejwt.token_blacklist', 'rest_framework.authtoken', - 'djoser', # custom apps 'product', 'account', diff --git a/backend/core/urls.py b/backend/core/urls.py index 84a2536..7976fc5 100644 --- a/backend/core/urls.py +++ b/backend/core/urls.py @@ -5,15 +5,17 @@ from drf_spectacular.views import SpectacularSwaggerView, SpectacularAPIView from django.conf import settings from rest_framework_simplejwt.views import TokenObtainPairView,TokenRefreshView from product import views +from account.views import CustomTokenObtainPairView + urlpatterns = [ # djoser - path('auth/', include('djoser.urls')), - path('auth/', include('djoser.urls.jwt')), + # path('auth/', include('djoser.urls')), + # path('auth/', include('djoser.urls.jwt')), - path('token/', TokenObtainPairView.as_view(), name='token_obtain_pair'), + path('token/', CustomTokenObtainPairView.as_view(), name='token_obtain_pair'), path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'), path('admin/', admin.site.urls), path('schema/', SpectacularAPIView.as_view(), name='schema'),
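Review bot: Neither `SendOTPView.post` nor `CustomTokenObtainPairView.post` limits how often it can be called, so the code checked by `user.verify_otp(otp)` can be guessed repeatedly, and `get_or_create` will create a `User` row for any `phone` an anonymous caller submits (including a missing one, since `phone` is never validated). Both views should get DRF throttling, e.g. `throttle_classes = [ScopedRateThrottle]` with `throttle_scope = 'otp'` and a matching rate in settings, and the model should invalidate the code after a few failed checks; `set_otp` and `verify_otp` are outside this diff, so confirm whether expiry or attempt limits already exist there. The `print(created)`, `print(user.phone)` and `print(message)` lines write the phone number and the live OTP to stdout and should be removed. `except User.DoesNotExist` can never fire after `get_or_create`, and `if user:` plus the trailing `Invalid credentials` return are dead code after `get_object_or_404`, whose 404 also tells a caller whether a phone is registered where a uniform 401 would not. Finally, `RefreshToken.for_user(user)` is reached without the `is_active` check that the stock token serializer applies, so add `if not user.is_active:` before issuing tokens.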