diff --git a/services/mobileid/MobileIdentityCommon.jsm b/services/mobileid/MobileIdentityCommon.jsm
index df4c7ea1231..bf169eee606 100644
--- a/services/mobileid/MobileIdentityCommon.jsm
+++ b/services/mobileid/MobileIdentityCommon.jsm
@@ -91,6 +91,7 @@ this.ERROR_INVALID_VERIFICATION_CODE              = "INVALID_VERIFICATION_CODE";
 this.ERROR_MISSING_CONTENT_LENGTH_HEADER          = "MISSING_CONTENT_LENGTH_HEADER";
 this.ERROR_NO_RETRIES_LEFT                        = "NO_RETRIES_LEFT";
 this.ERROR_OFFLINE                                = "OFFLINE";
+this.ERROR_PERMISSION_DENIED                      = "PERMISSION_DENIED";
 this.ERROR_REQUEST_BODY_TOO_LARGE                 = "REQUEST_BODY_TOO_LARGE";
 this.ERROR_SERVICE_TEMPORARILY_UNAVAILABLE        = "SERVICE_TEMPORARILY_UNAVAILABLE";
 this.ERROR_TOO_MANY_REQUESTS_MSISDN               = "TOO_MANY_REQUESTS_MSISDN";
diff --git a/services/mobileid/MobileIdentityManager.jsm b/services/mobileid/MobileIdentityManager.jsm
index 66637307fe7..db26c89e7e3 100644
--- a/services/mobileid/MobileIdentityManager.jsm
+++ b/services/mobileid/MobileIdentityManager.jsm
@@ -320,15 +320,9 @@ let MobileIdentityManager = {
   },
 
   /*********************************************************
-   * Permissions helpers
+   * Permissions helper
    ********************************************************/
 
-  hasPermission: function(aPrincipal) {
-    let permission = permissionManager.testPermissionFromPrincipal(aPrincipal,
-                                                                   MOBILEID_PERM);
-    return permission == Ci.nsIPermissionManager.ALLOW_ACTION;
-  },
-
   addPermission: function(aPrincipal) {
     permissionManager.addFromPrincipal(aPrincipal, MOBILEID_PERM,
                                        Ci.nsIPermissionManager.ALLOW_ACTION);
@@ -757,8 +751,14 @@ let MobileIdentityManager = {
         // If we've just prompted the user in the previous step, the permission
         // is already granted and stored so we just progress the credentials.
         if (creds) {
-          if (this.hasPermission(principal)) {
+          let permission = permissionManager.testPermissionFromPrincipal(
+            principal,
+            MOBILEID_PERM
+          );
+          if (permission == Ci.nsIPermissionManager.ALLOW_ACTION) {
             return creds;
+          } else if (permission == Ci.nsIPermissionManager.DENY_ACTION) {
+            return Promise.reject(ERROR_PERMISSION_DENIED);
           }
           return this.promptAndVerify(principal, manifestURL, creds);
         }