apps.py

from django.apps import AppConfig

class UsersConfig(AppConfig):
    name = "users"

models.py

from django.contrib.auth.models import AbstractUser
from django.db import models
from django.contrib.postgres.fields import JSONField


class CustomUser(AbstractUser):
    user_id = models.AutoField(primary_key=True)
    joined = models.DateTimeField(auto_now_add=True)

    user_data = JSONField(default=dict)

permissions.py

from rest_framework import permissions


class IsOwnerOrReadOnly(permissions.BasePermission):
    """
    Custom permission to only allow owners of an object to edit it.
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of the snippet.
        return obj.owner == request.user


class IsAdminOrReadOnly(permissions.BasePermission):
    """
    Custom permission to only allow admins
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of the snippet.
        return request.user.is_superuser

serializers.py

from rest_framework import serializers
from django.contrib.auth import get_user_model


class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = get_user_model()
        fields = ("user_id", "user_data")

urls.py

from django.contrib import admin
from django.urls import path, include
from rest_framework_swagger.views import get_swagger_view
from django.conf.urls import url
from users.views import FacebookLogin

docs_view = get_swagger_view(title="API Endpoints")

urlpatterns = [
    path("admin/", admin.site.urls),
    path("rest-auth/", include("rest_auth.urls")),
    path("rest-auth/registration/", include("rest_auth.registration.urls")),
    path("api/v1/", include("api.urls")),
    url(r"^rest-auth/facebook/$", FacebookLogin.as_view(), name="fb_login"),
    path("docs/", docs_view),
]

views.py

from django.shortcuts import render

from allauth.socialaccount.providers.facebook.views import FacebookOAuth2Adapter
from rest_auth.registration.views import SocialLoginView


from django.contrib.auth import get_user_model
from rest_framework import viewsets

from users.serializers import UserSerializer
from rest_framework.parsers import FormParser, MultiPartParser
from rest_framework.mixins import UpdateModelMixin


class FacebookLogin(SocialLoginView):
    adapter_class = FacebookOAuth2Adapter


class UserViewSet(viewsets.ReadOnlyModelViewSet, UpdateModelMixin):
    """
    POST request to users/me/ returns the user data
    don't forget to add user token to Authorization header
    """

    queryset = get_user_model().objects.all()
    serializer_class = UserSerializer
    parser_classes = (
        MultiPartParser,
        FormParser,
    )

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user,)

    def put(self, request, *args, **kwargs):
        return self.partial_update(request, *args, **kwargs)

    def get_object(self):
        pk = self.kwargs.get("pk")

        if pk == "me":
            return self.request.user

        return super(UserViewSet, self).get_object()