Effects of temporary locks
HTTP Request - /public/authentication/password/check/
The following example shows the result of a call that is executed while a temporary lock is still active:
Example
POST https://iam-host.com/auth/rest/public/authentication/password/check
{
"username": "john.doe@ergon.ch",
"password": "incorrect_password"
}The response is a HTTP 403 Forbidden with a code “USER_TEMPORARILY_LOCKED” to indicate the reason of the failure. This result will be returned regardless whether the username/password combination is valid or not.
Since this call returned an error, a “temporaryLockExpiry” is returned as well, but the time delay is not increased and neither is the failed login counter.
HTTP Response - /public/authentication/password/check/
Example
403 Forbidden
{
"meta": {
"type": "jsonapi.metadata.document",
"timestamp": "2018-12-04T10:18:39.315Z",
"temporaryLockExpiry": "2018-12-04T10:18:41.499Z"
},
"errors": [
{
"id": "9315:2873",
"status": 403,
"code": "USER_TEMPORARILY_LOCKED"
}
]
}