Client-side generated ID's

[batshoes]

Er, hello. It's me again.

I'd like to discuss the addition of :id in the translated params hash.
https://jsonapi.org/format/#crud-creating-client-ids

Our app and use case requires the inclusion of Client Generated ID's, and I'm finding that on my create actions I'm having to add params.dig(:data, :id)

I think this is a simple case of merging the id when creating the @jsonapi_unsafe_params and letting the rails controller whitelist do the stripping if necessary. i.e. strong params.

Case for:

• Shouldn't be the gem's job to remove :id if it's unwanted.

Case against:

• Unexpected addition of :id poses a security risk for anyone not expecting (and guarding against) it.

[Marahin]

Hi!

That must be an interesting use case, and indeed it is something to consider.
It is great to hear feedback about the functionality as initially we started building it to suit our needs.

Thanks for opening the issue, and off I go for PR review :)

[Marahin]

The PR has been merged, so I'm closing this. Thanks!