I am using strong_parameters and devise_invitable in my rails application. If I leave it as it is the “Forbidden Attribute” run time error is what I get. So I did the following:

1. Created a new controller using rails g controller users/invitations
2. Added :invitations => "users/invitations" to devise_for

3. Populated users/invitations.rb like so:

   class Users::InvitationsController < Devise::InvitationsController
      def update
       self.resource = resource_class.accept_invitation!(allowed_params)
   
       if resource.errors.empty?
         set_flash_message :notice, :updated
         sign_in(resource_name, resource)
         respond_with resource, :location => after_accept_path_for(resource)
       else
         respond_with_navigational(resource){ render :edit }
       end
   end
   
    private
   
     def allowed_params
        params.permit(:utf8,:authenticity_token,:invitation_token, :_method,
        {user: [:invitation_token,:password,:password_confirmation]}, :commit, 
        :action,:controller)
     end
   end
   

However, when I do that I get the error “Invitation token can’t be blank”. I’ve checked the values of allowed_params, using puts and it appears that it is there. Yet, I still get the error.