diff --git a/internal/webserver/authenticators/pam.go b/internal/webserver/authenticators/pam.go
index d5a5500..f204eaa 100644
--- a/internal/webserver/authenticators/pam.go
+++ b/internal/webserver/authenticators/pam.go
@@ -118,9 +118,7 @@ func (t *Pam) AuthorisationAPI(w http.ResponseWriter, r *http.Request) {
 	challenge, err := user.Authenticate(clientTunnelIp.String(), t.Type(), t.AuthoriseFunc(w, r))
 
 	msg, status := resultMessage(err)
-	if err != nil {
-		w.Header().Set("WAG-CHALLENGE", challenge)
-	}
+	w.Header().Set("WAG-CHALLENGE", challenge)
 
 	jsonResponse(w, msg, status)
 
diff --git a/internal/webserver/authenticators/totp.go b/internal/webserver/authenticators/totp.go
index c56e24c..87e5999 100644
--- a/internal/webserver/authenticators/totp.go
+++ b/internal/webserver/authenticators/totp.go
@@ -176,9 +176,7 @@ func (t *Totp) AuthorisationAPI(w http.ResponseWriter, r *http.Request) {
 	}
 
 	challenge, err := user.Authenticate(clientTunnelIp.String(), t.Type(), t.AuthoriseFunc(w, r))
-	if err != nil {
-		w.Header().Set("WAG-CHALLENGE", challenge)
-	}
+	w.Header().Set("WAG-CHALLENGE", challenge)
 
 	msg, status := resultMessage(err)
 	jsonResponse(w, msg, status)
diff --git a/internal/webserver/authenticators/webauthn.go b/internal/webserver/authenticators/webauthn.go
index b58629a..e2169c2 100644
--- a/internal/webserver/authenticators/webauthn.go
+++ b/internal/webserver/authenticators/webauthn.go
@@ -156,13 +156,9 @@ func (wa *Webauthn) RegistrationAPI(w http.ResponseWriter, r *http.Request) {
 
 				return nil
 			})
+		w.Header().Set("WAG-CHALLENGE", challenge)
 
 		msg, status := resultMessage(err)
-
-		if err != nil {
-			w.Header().Set("WAG-CHALLENGE", challenge)
-		}
-
 		jsonResponse(w, msg, status) // Send back an error message before we do the server side of handling it
 
 		if err != nil {
diff --git a/internal/webserver/resources/static/js/challenge.js b/internal/webserver/resources/static/js/challenge.js
index a9011b6..8a77863 100644
--- a/internal/webserver/resources/static/js/challenge.js
+++ b/internal/webserver/resources/static/js/challenge.js
@@ -3,7 +3,7 @@ const httpsEnabled = window.location.protocol == "https:";
 const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + "/challenge/";
 
 
-let challenge = localStorage.getItem("challange");
+let challenge = localStorage.getItem("challenge");
 if (challenge === null) {
     // oidc sets the challenge via cookie
     challenge = getCookie("challenge");