Getting Authentication passthru for Omniauth when Devise.setup is wrapped under Rails.application.reloader.to_prepare

[kcore]

Pre-check

• Do not use the issues tracker for help or support, try Stack Overflow.
• For bugs, do a quick search and make sure the bug has not yet been reported
• If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo@googlegroups.com instead.
• Finally, be nice and have fun!

Environment

• Ruby 2.7.6
• Rails 6.7.1.8
• Devise 4.8.1

Current behavior

As part of the ruby 3.0 & Rails 7 upgrade prep, I updated config.active_support.deprecation = :raise so that we understand what all we need to fix before we move. One of the first things that came was DEPRECATION WARNING: Initialization autoloaded the constant Devise::Mailer so I wrapped the entire config/initializers/devise.rb contents under Rails.application.reloader.to_prepare

Rails.application.reloader.to_prepare do
     Devise.setup do |config|
        ...
     end
end

Everything worked like a charm; until it didn't! We use omniauth (google, microsoft etc). The authorize urls starting to fail with "not found. authentication passthru"

Started POST "/users/auth/google_oauth2" for ::1 at 2024-07-09 15:50:21 +0530
Processing by Users::OmniauthCallbacksController#passthru as HTML
  Parameters: {"authenticity_token"=>"XXXXXXXXXXXXXXXXXXX"}
  Rendering text template
  Rendered text template (Duration: 0.0ms | Allocations: 3)
Completed 404 Not Found in 59ms (Views: 5.5ms | MongoDB: 0.0ms | Allocations: 70764)

Strangely, with the reloader block, even if I removed the oauth strategy registration

config.omniauth :google_oauth2, OAUTH_GOOGLE_CLIENT_ID, OAUTH_GOOGLE_SECRET, {
    name: 'google_oauth2',
    scope: OAUTH_GOOGLE_CALENDAR_SCOPE.join(","),
    prompt: "consent",
    strategy_class: OmniAuth::Strategies::GoogleOauth2
  }

the authorizer urls (user_google_oauth2_omniauth_authorize_path) still didn't give any errors and loaded just fine which led to the believe that there was some issue in the Devise.setup part eventually leading to me realising the only change that was done was adding the reloader block!

I finally update my devise initializer to move out of the reloader block and everything started to work again!

Rails.application.reloader.to_prepare do
  Devise::Mailer.default .......
end
Devise.setup do |config|
  ....
end

Can someone please explain why this happened and if this is indeed a bug or an expected behaviour?

Expected behavior

Adding the entire devise setup block under Rails.reloader should not affect its behaviour

[jomsie]

I had this same issue, and thank you @kcore for the temporary(?) fix!