Unpermitted parameter: :token #8

Open
NfoCipher opened this issue Feb 24, 2023 · 10 comments

@NfoCipher

When issuing the example curl call:

```
curl --location --request POST 'http://127.0.0.1:3000/users/tokens/sign_up' --header 'Content-Type: application/json' --data-raw '{ "email": "test2@development.com", "password": "123456" }'
```

I do get a response of:

```
{"token":"xmRbTRpBxbCkyN9Rgzs6_usJTb_wFnB7qL36fioh5bTLa8XAQTwca-12vz3P","refresh_token":"eigFtc3nPqTR41KJh7ktRiCtVqsM6n4izBx6yzNzqKjURyZ9vqz7McRbunSf","expires_in":3600,"token_type":"Bearer","resource_owner":{"id":2,"email":"test2@development.com","created_at":"2023-02-24T22:12:38.043Z","updated_at":"2023-02-24T22:12:38.043Z"}}
```

But, the rails logs contain:
```
Processing by Devise::Api::TokensController#sign_up as */*
  Parameters: {"email"=>"test2@development.com", "password"=>"[FILTERED]", "token"=>{}}
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_up, request: #<ActionDispatch::Request:0x000000010ed12950>, params: {"email"=>"test2@development.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_up", "token"=>{}} }
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_up, request: #<ActionDispatch::Request:0x000000010ed12950>, params: {"email"=>"test2@development.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_up", "token"=>{}} }
```

Any ideas?

@1gn0r4nd

1gn0r4nd commented Mar 2, 2023

I think the rails log is from a different curl command. The rails log looks like a request with parameter `--data-raw '{ "email": "test2@development.com", "password": "123456", "token": "{}" }'`. You don't need a token to sign up AFAIK, but if you wish to add it, perhaps add it in the function `sign_up_params` in the subclass of `Devise::Api::TokensController`.

@NfoCipher
Author

That's the correct curl command. And most likely part of the issue.

@nejdetkadir
Owner

Hello @NfoCipher, I think @1gn0r4nd is right, could you check your request and logs?

@NfoCipher
Author

Here's the test project: https://github.com/Deanout/devise_api
You should get the same error from that.

@vergil-zhao

I met the same problem. The request body doesn't have a token field, but the log still showed Unpermitted parameter: :token.

@dafal

dafal commented Apr 12, 2023

Same here:

```
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_in, request: #<ActionDispatch::Request:0x0000ffff85276c28>, params: {"email"=>"user1@example.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_in", "token"=>{}} }
```

@TruAmbition

I too am experiencing something similar.

Sending this logic directly from Postman for troubleshooting:

```javascript
var axios = require('axios');
var data = JSON.stringify({
  "email": "truman@example.com",
  "password": "password"
});

var config = {
  method: 'post',
  url: 'http://127.0.0.1:3000/users/tokens/sign_in',
  headers: {
    'Content-Type': 'application/json'
  },
  data: data
};

axios(config)
  .then(function (response) {
    console.log(JSON.stringify(response.data));
  })
  .catch(function (error) {
    console.log(error);
  });
```

Rails Log:

```
Processing by Devise::Api::TokensController#sign_in as HTML
  Parameters: {"email"=>"truman@morphxr.io", "password"=>"[FILTERED]", "token"=>{}}
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_in, request: #<ActionDispatch::Request:0x0000000105d760f8>, params: {"email"=>"truman@morphxr.io", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_in", "token"=>{}} }
```

Login is successful, but Rails logs show the message above.

@erick-sk

erick-sk commented Oct 9, 2023

I too am experiencing something similar.

```
Started POST "/users/tokens/sign_in" for 127.0.0.1 at 2023-10-09 15:38:38 -0500
Processing by Devise::Api::TokensController#sign_in as /
Parameters: {"email"=>"admin@mail.com", "password"=>"[FILTERED]", "token"=>{}}
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_in, request: #ActionDispatch::Request:0x00007ff54fa4b2c0, params: {"email"=>"admin@mail.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_in", "token"=>{}} }
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_in, request: #ActionDispatch::Request:0x00007ff54fa4b2c0, params: {"email"=>"admin@mail.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_in", "token"=>{}} }
```

I can get a successful start but I have this message in the rails log.

@wandenberg

I had the same problem.
Temporarily solved by running the below code on the app initialization.
Would be good to have the Devise::Api::TokensController calling the wrap_parameters false on it to avoid this more drastic solution.

```ruby
ActiveSupport.on_load(:action_controller) do
  wrap_parameters false
end
```

@mattschwartznomad

Has anyone found a solution to this that is less application-wide than the one above? This is still a problem.
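
Added example, not part of the thread and not code from Rails or devise-api: a plain-Ruby model of how Rails parameter wrapping can produce the empty `"token"=>{}` entry and the "Unpermitted parameter" line reported above, and why `wrap_parameters false` makes it disappear. It assumes the wrapper key is derived from the controller name and is filled only with the attribute names of a matching token model; `wrapper_key`, `wrap`, `permit`, `TOKEN_ATTRIBUTES` and `SAMPLE_BODY` are hypothetical names with constructed values.

```ruby
# Model of Rails JSON parameter wrapping (ActionController::ParamsWrapper).
# This is an illustration written for this page, not Rails source code.

# Constructed stand-in for the attribute names of the token model (assumption).
TOKEN_ATTRIBUTES = %w[access_token refresh_token expires_in].freeze

# Constructed request parameters, shaped like the ones in the logs above.
SAMPLE_BODY = {
  "email" => "user@example.test", "password" => "secret",
  "controller" => "devise/api/tokens", "action" => "sign_in"
}.freeze

# "Devise::Api::TokensController" -> "token" (naive singularize, enough here).
def wrapper_key(controller_name)
  base = controller_name.split("::").last.sub(/Controller\z/, "")
  base.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase.sub(/s\z/, "")
end

# Copy the params that match model attributes under the wrapper key.
# email/password are not token attributes, so the nested hash is empty.
def wrap(params, controller_name:, model_attributes:, enabled: true)
  key = wrapper_key(controller_name)
  return params if !enabled || params.key?(key)
  params.merge(key => params.slice(*model_attributes))
end

# Strong-parameters style filter: returns [permitted, unpermitted_keys].
# "controller" and "action" are never reported as unpermitted.
def permit(params, allowed)
  unpermitted = params.keys - allowed - %w[controller action]
  [params.slice(*allowed), unpermitted]
end

wrapped = wrap(SAMPLE_BODY, controller_name: "Devise::Api::TokensController",
                            model_attributes: TOKEN_ATTRIBUTES)
_, noisy = permit(wrapped, %w[email password])
puts "wrapping on:  unpermitted=#{noisy.inspect} token=#{wrapped['token'].inspect}"

plain = wrap(SAMPLE_BODY, controller_name: "Devise::Api::TokensController",
                          model_attributes: TOKEN_ATTRIBUTES, enabled: false)
_, quiet = permit(plain, %w[email password])
puts "wrapping off: unpermitted=#{quiet.inspect}"
```

In this model the permitted values are identical in both runs, which matches the reports above that sign-in succeeds and only the log line differs.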
