Devise conflicting with Strong Parameters when doing an api only app

Question

I wanted to create an api only app with the new gem: strong_parameters. My app uses devise token authentication to authenticate the user. Everything was working great until I realized the user can never be authenticated. I've followed all the guides for creating an api and using devise. Even did the prepend before filter to grab the token and assign it to the auth_token param. Every time I try to get data I get this response "{"error":"You need to sign in or sign up before continuing."}" even though I'm sending the user's token in the HTTP header.

I can make a request to get the auth_token just fine, but when I ping say the user index method on the user's controller I'll get the error listed above. I've included the auth token in the HTTP header like so :headers => {"Authorization" => "Token token=#{token["auth_token"]}"} (this is in my api tester class that i'm using to test the api.)

I took out strong parameters and now I don't have that problem. Anyone else having an api error with devise and strong_parameters?

Answer 1

Try looking at these changes https://gist.github.com/kazpsp/3350730 to whitelist the information for devise and strong_parameters