diff --git a/controllers/helmrepository_controller_oci.go b/controllers/helmrepository_controller_oci.go
index 02ec39b49..5d60d2b1c 100644
--- a/controllers/helmrepository_controller_oci.go
+++ b/controllers/helmrepository_controller_oci.go
@@ -382,5 +382,9 @@ func oidcAuthFromAdapter(ctx context.Context, url, provider string) (helmreg.Log
 		return nil, err
 	}
 
+	if auth == nil {
+		return nil, fmt.Errorf("could not validate OCI provider %s with URL %s", provider, url)
+	}
+
 	return registry.OIDCAdaptHelper(auth)
 }
diff --git a/controllers/helmrepository_controller_oci_test.go b/controllers/helmrepository_controller_oci_test.go
index c5e36c297..f9c8356f3 100644
--- a/controllers/helmrepository_controller_oci_test.go
+++ b/controllers/helmrepository_controller_oci_test.go
@@ -229,6 +229,15 @@ func TestHelmRepositoryOCIReconciler_authStrategy(t *testing.T) {
 				*conditions.FalseCondition(meta.ReadyCondition, sourcev1.AuthenticationFailedReason, "failed to get credential from"),
 			},
 		},
+		{
+			name:        "with contextual login provider and invalid repository URL",
+			wantErr:     true,
+			provider:    "aws",
+			providerImg: "oci://123456789000.dkr.ecr.us-east-2.amazonaws.com",
+			assertConditions: []metav1.Condition{
+				*conditions.FalseCondition(meta.ReadyCondition, sourcev1.AuthenticationFailedReason, "failed to get credential from"),
+			},
+		},
 		{
 			name: "with contextual login provider and secretRef",
 			want: ctrl.Result{RequeueAfter: interval},