Error in the first authentication factor

The authentication flow is initialized with a password/check that supplies username and an incorrect password. 

HTTP Request - /public/authentication/password/check/

    "username": "",
    "password": "incorrect_password"

The response is a HTTP 400 Bad Request with a code "USERNAME_PASSWORD_WRONG" to indicate the reason of the failure.

Since this call returned an error, a "temporaryLockExpiry" is returned as well.

HTTP Response - /public/authentication/password/check/

400 Bad Request
    "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2018-12-04T09:48:25.112Z",
        "temporaryLockExpiry": "2018-12-04T09:48:28.104Z",
        "nextAuthStep": "PASSWORD_REQUIRED"
    "errors": [
            "id": "5112:9070",
            "status": 400,
            "code": "USERNAME_PASSWORD_WRONG"