diff --git a/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java b/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
index bee3f113c..ae81b3828 100644
--- a/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
+++ b/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
@@ -153,6 +153,12 @@ public class WebSocketClient implements MessageHandler.Whole<String> {
 		String authToken = jsonObject.get("authToken").getAsString();
 		String username = jsonObject.get("username").getAsString();
 
+		if (authToken.isEmpty() || username.isEmpty()) {
+			logger.error("Received invalid authentication request: " + jsonObject.toString());
+			close(CloseReason.CloseCodes.UNEXPECTED_CONDITION, "Invalid authentication");
+			return;
+		}
+
 		try {
 			this.certificate = this.sessionHandler.validate(authToken, this.remoteIp);
 			if (!this.certificate.getUsername().equals(username)) {