warden.authenticate!(auth_options)

working fine for these params:

{"utf8"=>"✓", "authenticity_token"=>"5BMAUoZLUEgPZBVOAcQ8lFD4+pumP9kEvvXyelbnjeO36AZJQt2oRlraicQ6quvh/dccS0ELUkxjACgFcWFYAg==", "user"=>{"email"=>"[email protected]", "password"=>"xyz", "phone"=>"9443429932"}, "action"=>"create", "controller"=>"sessions", "format"=>"json", "session"=>{"user"=>{"email"=>"[email protected]", "password"=>"xyz", "phone"=>"9443429932"}}}

but failing for these:

{"utf8"=>"✓", "authenticity_token"=>"/ly2phwfsD3HEVkHK39ajYQGv6R4uj2z3B+3eiZEU0qtp7C92IlIM5KvxY0QEY34KSlZdJ+OtvsB6m0FAcKGqw==", "user"=>{"phone"=>"9443429932", "password"=>"xyz", "email"=>"[email protected]"}, "action"=>"create", "controller"=>"sessions", "format"=>"json", "session"=>{"user"=>{"phone"=>"9443429932", "password"=>"xyz", "email"=>"[email protected]"}}}

The data is the same in both cases except for the order. Stuck with this for long.

here is the log:

Started POST "/users/sign_in.json" for 127.0.0.1 at 2017-04-10 10:53:07 +0530 Processing by SessionsController#create as JSON
Parameters: {"utf8"=>"✓", "authenticity_token"=>"XVMbYLTgv4eFbv9pX5lJD3U6DHF17o18rVIjqQLo4skOqB17cHZHidDQY+Nk95562BXqoZLaBjRwp/nWJW43KA==", "user"=>{"phone"=>"9443429932", "password"=>"[FILTERED]"}, "session"=>{"user"=>{"phone"=>"9443429932", "password"=>"[FILTERED]"}}} User Load (0.3ms) SELECT users.* FROM users WHERE users.id = 12422916 AND (invitation_token is null) LIMIT 1 Completed 401 Unauthorized in 15ms

Found the issue. warden is reading the params from request.params I have edited the params, but it was not reflecting in request.params.

request.params[:user].merge!(params[:user])

This fixed the issue.