The endpoint you mentioned is not documented as being part of the publicly available Authentication API so even though I could try to give you some information about it the behavior could change or be removed without notice as it’s only internally used so I would prefer to avoid leading you in error and/or in using an endpoint that could change at any minute.