Error in the second authentication factor

An incorrect OTP code is supplied after a successful password/check with a otp/check REST call.

HTTP Request - /public/authentication/otp/check/

Example

POST https://iam-host.com/auth/rest/public/authentication/otp/check
{
    "otp": "123456"
}

The response is a HTTP 400 BAD REQUEST response and the code returns “OTP_WRONG” to inidicate the reason for the failure.

Since this call returned an error, a “temporaryLockExpiry” is returned as well.

HTTP Response - /public/authentication/otp/check/

Example

400 BAD REQUEST
{
    "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2018-12-04T10:11:39.420Z",
        "temporaryLockExpiry": "2018-12-04T10:11:42.394Z"
    },
    "errors": [
        {
            "id": "9420:5816",
            "status": 400,
            "code": "OTP_WRONG"
        }
    ]
}