I have a Rails 4.0.13 app using Devise 3.5.10. My User model is :omniauthable using a nested authentications has_many relation, so the user can Omniauth by several providers:
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :trackable,
:omniauthable, :omniauth_providers => Authentication.auth_methods
has_many :authentications, dependent: :destroy
accepts_nested_attributes_for :authentications
end
(I originally implemented this some time ago on Rails 3.2, so I don't recall the exact changes I had to make to make this work. I don't believe it's relevant, but can try to look it out if necessary).
This means that a User sign-up using Omniauth has parameters like:
Parameters: {"utf8"=>"✓", "user"=>{
"authentications_attributes"=>
{"0"=>{"provider"=>"open_id",
"uid"=>"http://pretend.openid.example.com?id=12345",
"nickname"=>"http://pretend.openid.example.com"}},
"name"=>"Person1",
"email"=>"[email protected]", "password"=>"[FILTERED]",
"password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
I cannot figure out how to get strong parameters to permit this. My current attempt is params.require(:user).permit(:name, :email, :password, :password_confirmation, authentications_attributes: {"0" => [:provider, :uid, :nickname]}), but that still produces a log of Unpermitted parameters: provider, uid, nickname.
How can I permit these parameters?
When specifying nested parameters, the XYZ_attributes portion takes an array, not a hash.
In your case, try
authentications_attributes: [:provider, :uid, :nickname]
in
params.require(:user).permit(:name, :email, :password, :password_confirmation, authentications_attributes: [:provider, :uid, :nickname])
Source: https://github.com/rails/strong_parameters#nested-parameters