devise-jwt does not check password_confiramtion on sign-up

Question

How to add password_confirmation and force "devise-jwt" to check it with given password?

I prepared Back-end and Front-end according to this:
Devise API Authentication With Vue JS | Ruby on Rails 7 Tutorial
here you can get source code:
github: Deanout/devise-vue-api

From postman when I send request:

POST

body:

{
    "user": {
        "email": "[email protected]",
        "password": "password",
        "password_confirmation": "password_INVALID",
        "nickname": "admin2"
    }
}

result is:

{
    "message": "Signed up sucessfully.",
    "user": {
        "id": "ac6758e1-120e-4c15-b5db-ea52b291f924",
        "email": "[email protected]",
        "created_at": "2022-03-30T22:02:39.980Z",
        "updated_at": "2022-03-30T22:02:39.980Z",
        "nickname": "admin2",
        "first_name": null,
        "last_name": null
    }
}

Probabbly validation will not be enougth:

validates :password_confirmation, presence: true

What is more this password is not checked, I asked this question here: devise-jwt does not check password on sign-in
My user.rb file looks like this:

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :registerable,
         #  :recoverable, :rememberable, :validatable
         :jwt_authenticatable,
         jwt_revocation_strategy: JwtDenylist
  

  scope :only_id_and_nickname, -> { select(:id, :nickname) }

  validates :nickname, presence: true
  validates :nickname, uniqueness: true
end

Answer 1

Try to change validates :password_confirmation, presence: true

to validates :password_confirmation, presence: true, on: :create