diff options
Diffstat (limited to 'packages/browser/src/helpers')
| -rw-r--r-- | packages/browser/src/helpers/identifyAuthenticationError.ts | 19 | ||||
| -rw-r--r-- | packages/browser/src/helpers/identifyRegistrationError.ts | 10 |
2 files changed, 8 insertions, 21 deletions
diff --git a/packages/browser/src/helpers/identifyAuthenticationError.ts b/packages/browser/src/helpers/identifyAuthenticationError.ts index c994947..600a2d6 100644 --- a/packages/browser/src/helpers/identifyAuthenticationError.ts +++ b/packages/browser/src/helpers/identifyAuthenticationError.ts @@ -23,21 +23,10 @@ export function identifyAuthenticationError({ return new WebAuthnError('Authentication ceremony was sent an abort signal', 'AbortError'); } } else if (error.name === 'NotAllowedError') { - if (publicKey.allowCredentials?.length) { - // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 17) - // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 6) - return new WebAuthnError( - 'No available authenticator recognized any of the allowed credentials', - 'NotAllowedError', - ); - } - - // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 18) - // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 7) - return new WebAuthnError( - 'User clicked cancel, or the authentication ceremony timed out', - 'NotAllowedError', - ); + /** + * Pass the error directly through. Platforms are overloading this error beyond what the spec + * defines and we don't want to overwrite potentially useful error messages. + */ } else if (error.name === 'SecurityError') { const effectiveDomain = window.location.hostname; if (!isValidDomain(effectiveDomain)) { diff --git a/packages/browser/src/helpers/identifyRegistrationError.ts b/packages/browser/src/helpers/identifyRegistrationError.ts index 8976602..9b76454 100644 --- a/packages/browser/src/helpers/identifyRegistrationError.ts +++ b/packages/browser/src/helpers/identifyRegistrationError.ts @@ -41,12 +41,10 @@ export function identifyRegistrationError({ // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3) return new WebAuthnError('The authenticator was previously registered', 'InvalidStateError'); } else if (error.name === 'NotAllowedError') { - // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20) - // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 21) - return new WebAuthnError( - 'User clicked cancel, or the registration ceremony timed out', - 'NotAllowedError', - ); + /** + * Pass the error directly through. Platforms are overloading this error beyond what the spec + * defines and we don't want to overwrite potentially useful error messages. + */ } else if (error.name === 'NotSupportedError') { const validPubKeyCredParams = publicKey.pubKeyCredParams.filter( param => param.type === 'public-key', |