diff --git a/internal/webssoauth/webssoauth.go b/internal/webssoauth/webssoauth.go
index 6f58366..84549c7 100644
--- a/internal/webssoauth/webssoauth.go
+++ b/internal/webssoauth/webssoauth.go
@@ -751,7 +751,9 @@ func (w *WebSSOAuthentication) promptAuthentication(da *okta.DeviceAuthorization
 			bArgs = append(bArgs, da.VerificationURIComplete)
 			cmd := osexec.Command(bArgs[0], bArgs[1:]...)
 			out, err := cmd.Output()
-			if _, ok := err.(*osexec.ExitError); ok {
+			// TODO don't strategically swallow all errors?
+			// if _, ok := err.(*osexec.ExitError); ok {
+			if err != nil {
 				w.consolePrint("Failed to open activation URL with given browser: %v\n", err)
 				w.consolePrint("  %s\n", strings.Join(bArgs, " "))
 			}
@@ -759,7 +761,6 @@ func (w *WebSSOAuthentication) promptAuthentication(da *okta.DeviceAuthorization
 				w.consolePrint("browser output:\n%s\n", string(out))
 			}
 		}
-
 	} else if w.config.OpenBrowser() {
 		brwsr.Stdout = os.Stderr
 		if err := brwsr.OpenURL(da.VerificationURIComplete); err != nil {