/*
 * Platform-tier auth-actions styling for restricted-session UI.
 *
 * Brief:    docs/briefs/platform-mfa-1H-001.md (rev 1.10 Amendment X §R228)
 * Backlog:  closure-backlog 1H-001-#26 (broader auth-card primitive extraction
 *           deferred to PR-C2's third use per Second-Time Rule)
 *
 * Owns the .auth-links cluster: a chrome-stripped flex container for
 * link-styled buttons inside restricted-session escape-hatch UI. Used by
 * CurrentSessionAuthActionsViewComponent's Default.cshtml restricted-
 * session branch.
 *
 * Rules migrated verbatim from HumanCapital/wwwroot/css/site2.css
 * (lines 1663–1702). HC's corresponding cleanup (removal of the
 * duplicates + _Layout.cshtml stylesheet reference addition) lands in
 * HC-repo commits.
 */

.auth-links {
    margin-top: 1.25rem;
    display: flex;
    justify-content: center;
    gap: 1.25rem;
    font-size: 0.85rem;
}

    .auth-links a {
        color: var(--navy-mid);
        text-decoration: none;
    }

        .auth-links a:hover {
            text-decoration: underline;
        }

/* Reset <button> inside .auth-links to match the link visual treatment
   used by .auth-links a — needed for R165 (HOTFIX-C1.A.1): POST-form
   cancel-link in MfaController's Enroll view (same Logout target as
   the header _AuthActions Sign Out, but a de-emphasized "back out of
   enrollment" UX role). The element stays a <button> inside a <form>
   for CSRF safety; only the appearance is link-like. */
.auth-links form {
    margin: 0;
}

.auth-links button {
    background: none;
    border: none;
    padding: 0;
    font: inherit;
    color: var(--navy-mid);
    text-decoration: none;
    cursor: pointer;
}

    .auth-links button:hover {
        text-decoration: underline;
    }