songkick / oauth2-provider

Simple OAuth 2.0 provider toolkit


Rails 3.2.3 Mass Assignment Issue in Authorizations

jpmcgrath opened this issue · comments

Hi there,

In my Rails 3.2 controller action when I use the following code:

@auth = OAuth2::Provider::Authorization.new(resource, params)
@auth.grant_access!

I am getting the following exception:

ActiveModel::MassAssignmentSecurity::Error (Can't mass-assign protected attributes: owner, client):
app/controllers/users/registrations_controller.rb:14:in `create'

I believe this is because in Rails 3.2.3 there was a security change that sees attribute mass assignment change from defaulting to off if no attr_accessible is declared.

Has anyone else encountered this?

Hey,

I have the same issue:

ActiveModel::MassAssignmentSecurity::Error (Can't mass-assign protected attributes: owner, client):
config/initializers/oauth2_provider.rb:8:in `block in <top (required)>'
app/controllers/oauth_controller.rb:6:in `new'
app/controllers/oauth_controller.rb:6:in `access_token'

@jpmcgrath I fixed just adding attr_accessible in the model

edgar@c68ba4f

Now it is working in Rails 3.2.6, with default settings

Here is the pull request for this little fix: #29

@edgar Thanks for that. I ended up coming up with the same solution but then ran into other issues. In the end I switched over to another oauth2 library as I suspected (maybe wrongly) that the project's maintainer isn't very active here.

Anyway, thanks again. Good luck with it!

Cheers.

@jpmcgrath just curious, what is the other lib? this one: https://github.com/assaf/rack-oauth2-server ?

Thanks

@edgar Didn't see that one in my search, but it looks nice. I tried Doorkeeper and a few others but ended up settling on https://github.com/pelle/oauth-plugin/

A difficult choice to be sure.

We've just done a bunch of work on this code -- we have Authorization.attr_accessible nil and have adjusted internal calls appropriately. The pull request #29 referenced above has been closed.
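The following is an added example, not code from this thread or from oauth2-provider. It is a small stand-alone Ruby re-creation of the strict mass-assignment whitelist that Rails 3.2.3 turns on for new apps, so it runs without Rails or ActiveModel. The `Authorization` and `WorkaroundAuthorization` classes, the `MassAssignable` module and every helper function are hypothetical; they exist only to contrast the two fixes discussed above (adding `attr_accessible :owner, :client` to the model, versus `attr_accessible nil` plus explicit setters in the library's internal calls) and to reproduce the exception message the reporters saw.

```ruby
# Toy re-creation (not Rails/ActiveModel and not oauth2-provider's own code)
# of the strict mass-assignment whitelist that Rails 3.2.3 enables by default.
# Keys missing from the whitelist raise instead of being silently dropped.
class MassAssignmentError < StandardError; end

module MassAssignable
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # attr_accessible with no names (Rails' `attr_accessible nil`) yields an
    # empty whitelist: nothing may be set through mass assignment.
    def attr_accessible(*names)
      @accessible = names.compact.map(&:to_s)
    end

    def accessible_attributes
      @accessible || [] # no declaration at all behaves like an empty list
    end
  end

  # Mirrors new(params)/update_attributes: every key is checked against the
  # whitelist before any setter runs (strict sanitizer behaviour).
  def assign_attributes(params)
    denied = params.keys.map(&:to_s) - self.class.accessible_attributes
    unless denied.empty?
      raise MassAssignmentError,
            "Can't mass-assign protected attributes: #{denied.join(', ')}"
    end
    params.each { |k, v| public_send("#{k}=", v) }
    self
  end
end

# Hypothetical model in the shape the thread discusses, using the
# maintainer's approach: whitelist nothing, set fields explicitly.
class Authorization
  include MassAssignable
  attr_accessor :owner, :client, :scope
  attr_accessible nil

  def initialize(attrs = {})
    assign_attributes(attrs)
  end
end

# The reporters' workaround: whitelist the two fields the library sets.
# Anything that hands a request hash to assign_attributes can now set them too.
class WorkaroundAuthorization
  include MassAssignable
  attr_accessor :owner, :client, :scope
  attr_accessible :owner, :client
end

# "Before": building the record via mass assignment, which the strict
# default rejects with the exception quoted in the thread.
def build_via_mass_assignment(owner, client)
  Authorization.new(owner: owner, client: client)
rescue MassAssignmentError => e
  e.message
end

# "After": the internal call uses explicit setters, so no whitelist is
# needed for fields the application, not the request, controls.
def build_via_setters(owner, client)
  auth = Authorization.new
  auth.owner  = owner
  auth.client = client
  auth
end

# Applies a request-shaped hash (constructed for this example) and reports
# whether the whitelist let it through.
def assign_request_params(auth, params)
  auth.assign_attributes(params)
  :assigned
rescue MassAssignmentError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  puts build_via_mass_assignment("alice", "web-app")
  auth = build_via_setters("alice", "web-app")
  puts "owner=#{auth.owner} client=#{auth.client}"
  puts assign_request_params(auth, { "owner" => "mallory" })
  puts assign_request_params(WorkaroundAuthorization.new, { "owner" => "mallory" })
end
```

Run it with `ruby mass_assignment_demo.rb`. The empty-whitelist model reproduces the "Can't mass-assign protected attributes: owner, client" error when constructed from a hash, accepts the same values through its setters, and keeps rejecting a request hash that names `owner`; the workaround model accepts that request hash, which is the trade-off to weigh when choosing between the two fixes.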