diff --git a/packages/authentication-local/src/strategy.ts b/packages/authentication-local/src/strategy.ts
index 28faf7c56b..4f182fd612 100644
--- a/packages/authentication-local/src/strategy.ts
+++ b/packages/authentication-local/src/strategy.ts
@@ -45,6 +45,10 @@ export class LocalStrategy extends AuthenticationBaseStrategy {
 
   async findEntity (username: string, params: Params) {
     const { entityUsernameField, service, errorMessage } = this.configuration;
+    if (!username) { // don't query for users without any condition set.
+      throw new NotAuthenticated(errorMessage);
+    }
+
     const query = await this.getEntityQuery({
       [entityUsernameField]: username
     }, params);