Solution:
Don't use the protected method signup_params. I used my own method:
def allowed_params
params.permit(:first_name, :email, :password, :password_confirmation)
end
the build_resource call uses this method.
build_resource(allowed_params)
I copied the create action from Devise::Registrations controller and customized it:
def create
build_resource(allowed_params)
resource.save
if resource.persisted?
if resource.active_for_authentication?
sign_up(resource_name, resource)
respond_with resource, location: after_sign_up_path_for(resource)
else
expire_data_after_sign_in!
respond_with resource, location: after_inactive_sign_up_path_for(resource)
end
else
clean_up_passwords resource
set_minimum_password_length
respond_with resource
end
end
