@page "/login"
@layout LoginLayout
@* Login MUST stay anonymously reachable — otherwise the fallback authorization policy
   would lock operators out of the only way in (Admin-001). Static-rendered on purpose:
   the form POSTs to /auth/login while ASP.NET still owns an unstarted HTTP response.
   Calling SignInAsync from an interactive circuit would be too late.

   Uses LoginLayout (no side rail) so the page renders as a clean centred card.
   The card itself is the shared kit's <LoginCard> — it owns the .login-wrap centring
   wrapper, the .panel shell, and the static form-POST (username/password/returnUrl). *@
@attribute [Microsoft.AspNetCore.Authorization.AllowAnonymous]

<LoginCard Product="OtOpcUa Admin" Action="/auth/login" ReturnUrl="@ReturnUrl" Error="@Error">
    <AntiforgeryToken />
</LoginCard>

@code {
    /// <summary>Error message surfaced by /auth/login after a failed bind.</summary>
    [SupplyParameterFromQuery]
    private string? Error { get; set; }

    /// <summary>Original protected URL the operator was bounced from; round-tripped to the endpoint.</summary>
    [SupplyParameterFromQuery]
    private string? ReturnUrl { get; set; }
}