/* Tweaks for the two_factor login page (extends internal/base_minimal.html). */

/* On the passkey login step the token field is filled in automatically by
   get_credential.js from the browser's passkey prompt, so an empty, labelled
   field is confusing. Hide the input and its label (but not the wrapping
   .input-field, so the error get_credential.js injects there on cancel/timeout
   stays visible). The id is shared with TOTP/SMS token entry, so this is scoped
   to .passkey-login and only applies when the active device is a passkey. */
.passkey-login label[for="id_token-otp_token"],
.passkey-login #id_token-otp_token {
    display: none;
}

/* Keep the "Trust this device" checkbox on its own line so the wizard
   Back/Next buttons no longer flow inline after it (which pushed them onto
   separate lines). */
.trust-device {
    display: block;
    margin: 1rem 0;
}

/* Group the wizard Back/Next buttons on a single line, left-aligned, with even
   spacing between them. */
.wizard-actions .btn {
    margin-right: 0.5rem;
}
