# `PhoenixKitWeb.Users.OAuth`
[🔗](https://github.com/BeamLabEU/phoenix_kit/blob/v1.7.164/lib/phoenix_kit_web/users/oauth.ex#L2)

OAuth authentication controller using Ueberauth with dynamic provider configuration.

This controller uses `Ueberauth.run_request/4` and `Ueberauth.run_callback/4` for
dynamic OAuth invocation, eliminating compile-time configuration requirements.
OAuth credentials are loaded from database at runtime.

This controller requires the following optional dependencies to be installed:
- ueberauth
- ueberauth_google (for Google Sign-In)
- ueberauth_apple (for Apple Sign-In)
- ueberauth_github (for GitHub Sign-In)
- ueberauth_facebook (for Facebook Sign-In)

If these dependencies are not installed, a fallback controller will be used instead.

## Add-account via OAuth

When the request action receives `add_account=1` as a query parameter it sets a
short-lived session key `:oauth_add_account_intent` to `"add_account"`. The callback
reads and immediately clears this key. When it is present AND there is a valid root
user AND `MultiSession.gate_allowed?/1` is true, the callback adds the OAuth-
authenticated user to the multi-session stack via `MultiSession.add_authenticated_user/2`
instead of performing a full login.

The marker is distinct from `:oauth_return_to` and `:oauth_referral_code` and does NOT
interact with the existing settings-page provider-link flow (which has no session marker
at all and is handled by a separate LiveView).

# `callback`

Handles OAuth callback from provider.

Uses `Ueberauth.run_callback/4` for dynamic OAuth invocation,
then processes the result from conn.assigns.

# `request`

Initiates OAuth authentication flow.

Uses `Ueberauth.run_request/4` for dynamic OAuth invocation,
reading credentials from database at runtime.

---

*Consult [api-reference.md](api-reference.md) for complete listing*