Remove `attr_accessible` for Rails 4 compatibility.

[felixclack]

Using this with Rails 4 raises an error on attr_accessible as it is removed, in favour of strong_params.

The onus is now on the implementer to only permit name and redirect_uri when creating an authorization.

[danielevans]

This fixes the issue for me as well. Thanks!

[jcoglan]

We did work to make this work on ActiveRecord 4.0 a while ago, and the build is passing. Do you have a test case that fails?

[danielevans]

You can demonstrate the problem by spinning up a bare rails app with a single model and including the ResourceOwner module.

You can see this gist for a complete recreation script: https://gist.github.com/danielevans/7107532

[nicosuria]

FYI: The exact error given is

.rvm/gems/ruby-1.9.3-p448@auth/gems/activemodel-4.0.0/lib/active_model/deprecated_mass_assignment_security.rb:17:in `attr_accessible': `attr_accessible` is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your Gemfile to use old one. (RuntimeError)

from /Users/xxxxx/.rvm/gems/ruby-1.9.3-p448@xxxxx/gems/songkick-oauth2-provider-0.10.2/lib/songkick/oauth2/model/client.rb:18:in `<class:Client>'

[myitcv]

+1

[andrewpbrett]

Any reason this isn't merged yet? I can also confirm it's an issue with Rails 4.

[myitcv]

Any update?

[davidpiegza]

I have the same problem, any update?

[kritik]

+1

[jbye]

+1. Any updates?

[d-natoli]

+1

[jgrevich]

:+1: any ETA as to when this will be merged?