diff --git a/internal/watcher/clients.go b/internal/watcher/clients.go
index c71e442c..0d0b6fe7 100644
--- a/internal/watcher/clients.go
+++ b/internal/watcher/clients.go
@@ -263,9 +263,6 @@ func (w *Watcher) computePerPathUpdatesLocked(oldByID, newByID map[string]*corea
 }
 
 func authSliceToMap(auths []*coreauth.Auth) map[string]*coreauth.Auth {
-	if len(auths) == 0 {
-		return nil
-	}
 	byID := make(map[string]*coreauth.Auth, len(auths))
 	for _, a := range auths {
 		if a == nil || strings.TrimSpace(a.ID) == "" {
@@ -273,9 +270,6 @@ func authSliceToMap(auths []*coreauth.Auth) map[string]*coreauth.Auth {
 		}
 		byID[a.ID] = a
 	}
-	if len(byID) == 0 {
-		return nil
-	}
 	return byID
 }
 
diff --git a/internal/watcher/watcher_test.go b/internal/watcher/watcher_test.go
index 208ae102..27d28419 100644
--- a/internal/watcher/watcher_test.go
+++ b/internal/watcher/watcher_test.go
@@ -489,17 +489,17 @@ func TestAuthSliceToMap(t *testing.T) {
 		{
 			name: "nil input",
 			in:   nil,
-			want: nil,
+			want: map[string]*coreauth.Auth{},
 		},
 		{
 			name: "empty input",
 			in:   []*coreauth.Auth{},
-			want: nil,
+			want: map[string]*coreauth.Auth{},
 		},
 		{
 			name: "filters invalid auths",
 			in:   []*coreauth.Auth{nil, empty},
-			want: nil,
+			want: map[string]*coreauth.Auth{},
 		},
 		{
 			name: "keeps valid auths",
@@ -519,8 +519,11 @@ func TestAuthSliceToMap(t *testing.T) {
 			t.Parallel()
 			got := authSliceToMap(tc.in)
 			if len(tc.want) == 0 {
-				if got != nil {
-					t.Fatalf("expected nil map, got %#v", got)
+				if got == nil {
+					t.Fatal("expected empty map, got nil")
+				}
+				if len(got) != 0 {
+					t.Fatalf("expected empty map, got %#v", got)
 				}
 				return
 			}