Merge pull request #353 from MasterKale/fix/352-not-allowed-error

fix/352-not-allowed-error

1 files changed, 4 insertions, 15 deletions

diff --git a/packages/browser/src/helpers/identifyAuthenticationError.ts b/packages/browser/src/helpers/identifyAuthenticationError.ts
index c994947..600a2d6 100644
--- a/packages/browser/src/helpers/identifyAuthenticationError.ts
+++ b/packages/browser/src/helpers/identifyAuthenticationError.ts
@@ -23,21 +23,10 @@ export function identifyAuthenticationError({
       return new WebAuthnError('Authentication ceremony was sent an abort signal', 'AbortError');
     }
   } else if (error.name === 'NotAllowedError') {
-    if (publicKey.allowCredentials?.length) {
-      // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 17)
-      // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 6)
-      return new WebAuthnError(
-        'No available authenticator recognized any of the allowed credentials',
-        'NotAllowedError',
-      );
-    }
-
-    // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 18)
-    // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 7)
-    return new WebAuthnError(
-      'User clicked cancel, or the authentication ceremony timed out',
-      'NotAllowedError',
-    );
+    /**
+     * Pass the error directly through. Platforms are overloading this error beyond what the spec
+     * defines and we don't want to overwrite potentially useful error messages.
+     */
   } else if (error.name === 'SecurityError') {
     const effectiveDomain = window.location.hostname;
     if (!isValidDomain(effectiveDomain)) {