diff --git a/src/RedisAuthProvider.php b/src/RedisAuthProvider.php
new file mode 100644
index 0000000..200bcce
--- /dev/null
+++ b/src/RedisAuthProvider.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Laminas\Cache\Storage\Adapter;
+
+use Laminas\Cache\Storage\Adapter\Exception\InvalidRedisClusterConfigurationException;
+
+final class RedisAuthProvider
+{
+    /**
+     * @psalm-return array{0: non-empty-string, 1?: non-empty-string}|null
+     * @throws InvalidRedisClusterConfigurationException
+     *
+     * Psalm cannot infer that only when user/password is not null and not an empty string, it is returned in the array
+     * @psalm-suppress MoreSpecificReturnType
+     * @psalm-suppress LessSpecificReturnStatement
+     */
+    public static function createAuthenticationObject(?string $user, ?string $password): array|null
+    {
+        if (self::isSet($password) && self::isSet($user)) {
+            return [$user, $password];
+        } elseif (self::isSet($password) && ! self::isSet($user)) {
+            return [$password];
+        } elseif (! self::isSet($password) && self::isSet($user)) {
+            throw InvalidRedisClusterConfigurationException::fromMissingRequiredPassword();
+        }
+        return null;
+    }
+
+    private static function isSet(?string $value): bool
+    {
+        return $value !== null && $value !== '';
+    }
+}
diff --git a/src/RedisClusterResourceManager.php b/src/RedisClusterResourceManager.php
index 69e1fe4..ddd9a41 100644
--- a/src/RedisClusterResourceManager.php
+++ b/src/RedisClusterResourceManager.php
@@ -48,18 +48,7 @@ public function getResource(): RedisClusterFromExtension
 
     private function createRedisResource(RedisClusterOptions $options): RedisClusterFromExtension
     {
-        $user     = $options->getUser();
-        $password = $options->getPassword();
-
-        if ($user !== '' && $password !== '') {
-            $authentication = [$user, $password];
-        } elseif ($user !== '' && $password === '') {
-            throw InvalidRedisClusterConfigurationException::fromMissingRequiredPassword();
-        } elseif ($user === '' && $password !== '') {
-            $authentication = [$password];
-        } else {
-            $authentication = null;
-        }
+        $authentication = RedisAuthProvider::createAuthenticationObject($options->getUser(), $options->getPassword());
 
         if ($options->hasName()) {
             return $this->createRedisResourceFromName(
diff --git a/src/RedisResourceManager.php b/src/RedisResourceManager.php
index 0000780..b1f8615 100644
--- a/src/RedisResourceManager.php
+++ b/src/RedisResourceManager.php
@@ -57,21 +57,7 @@ private function createRedisFromExtension(RedisOptions $options): RedisFromExten
             $port = $server['port'] ?? self::DEFAULT_REDIS_PORT;
         }
 
-        $authentication = [];
-        $user           = $options->getUser();
-        $password       = $options->getPassword();
-
-        if ($user !== null) {
-            $authentication[] = $user;
-        }
-
-        if ($password !== null) {
-            $authentication[] = $password;
-        }
-
-        if ($authentication === []) {
-            $authentication = null;
-        }
+        $authentication = RedisAuthProvider::createAuthenticationObject($options->getUser(), $options->getPassword());
 
         $resourceOptions = [
             'host'           => $host,
diff --git a/test/unit/RedisAuthProviderTest.php b/test/unit/RedisAuthProviderTest.php
new file mode 100644
index 0000000..edcd504
--- /dev/null
+++ b/test/unit/RedisAuthProviderTest.php
@@ -0,0 +1,91 @@
+<?php
+
+declare(strict_types=1);
+
+namespace LaminasTest\Cache\Storage\Adapter;
+
+use Laminas\Cache\Storage\Adapter\Exception\InvalidRedisClusterConfigurationException;
+use Laminas\Cache\Storage\Adapter\RedisAuthProvider;
+use PHPUnit\Framework\TestCase;
+
+final class RedisAuthProviderTest extends TestCase
+{
+    private const DUMMY_USER     = 'user';
+    private const DUMMY_PASSWORD = 'password';
+
+    /**
+     * @dataProvider invalidAuthenticationProvider
+     */
+    public function testWillThrowExceptionWhenUserWithoutPasswordProvided(string $user, ?string $password): void
+    {
+        $this->expectException(InvalidRedisClusterConfigurationException::class);
+        $this->expectExceptionMessage(
+            InvalidRedisClusterConfigurationException::fromMissingRequiredPassword()->getMessage()
+        );
+        RedisAuthProvider::createAuthenticationObject($user, $password);
+    }
+
+    /**
+     * @dataProvider validAuthenticationProvider
+     */
+    public function testValidUserAndPasswordProvided(
+        ?string $user,
+        ?string $password,
+        array|null $expectedAuthentication
+    ): void {
+        $actualAuthentication = RedisAuthProvider::createAuthenticationObject($user, $password);
+        $this->assertEquals($expectedAuthentication, $actualAuthentication);
+    }
+
+    /**
+     * @psalm-return non-empty-array<non-empty-string,array{0:string|null,1:string|null,
+     * 2:array{0: non-empty-string, 1?: non-empty-string}|null}>
+     */
+    public static function validAuthenticationProvider(): array
+    {
+        return [
+            'user and password'                          => [
+                self::DUMMY_USER,
+                self::DUMMY_PASSWORD,
+                [self::DUMMY_USER, self::DUMMY_PASSWORD],
+            ],
+            'only password (user is empty string)'       => [
+                '',
+                self::DUMMY_PASSWORD,
+                [self::DUMMY_PASSWORD],
+            ],
+            'no authentication provided (empty strings)' => [
+                '',
+                '',
+                null,
+            ],
+            'only password (user is null)'               => [
+                null,
+                self::DUMMY_PASSWORD,
+                [self::DUMMY_PASSWORD],
+            ],
+            'no authentication provided (null values)'   => [
+                null,
+                null,
+                null,
+            ],
+        ];
+    }
+
+    /**
+     * @psalm-return non-empty-array<non-empty-string,array{0:non-empty-string,1:string|null}>
+     */
+    public static function invalidAuthenticationProvider(): array
+    {
+        return [
+            'user without a password (password is empty string)' => [
+                self::DUMMY_USER,
+                '',
+            ],
+            'user without a password (password is null)'         => [
+                self::DUMMY_USER,
+                null,
+            ],
+        ];
+    }
+}