The authentication flow is initialized with a password/check that supplies username and an incorrect password.
HTTP Request - /public/authentication/password/check/
POST https://iam-host.com/auth/rest/public/authentication/password/check { "username": "john.doe@ergon.ch", "password": "incorrect_password" }
The response is a HTTP 400 Bad Request with a code "USERNAME_PASSWORD_WRONG" to indicate the reason of the failure.
Since this call returned an error, a "temporaryLockExpiry" is returned as well.
HTTP Response - /public/authentication/password/check/
400 Bad Request { "meta": { "type": "jsonapi.metadata.document", "timestamp": "2018-12-04T09:48:25.112Z", "temporaryLockExpiry": "2018-12-04T09:48:28.104Z", "nextAuthStep": "PASSWORD_REQUIRED" }, "errors": [ { "id": "5112:9070", "status": 400, "code": "USERNAME_PASSWORD_WRONG" } ] }