diff --git a/swh/deposit/api/collection.py b/swh/deposit/api/collection.py
--- a/swh/deposit/api/collection.py
+++ b/swh/deposit/api/collection.py
@@ -116,8 +116,6 @@
         client = self.get_client(request)
         deposit_parent: Optional[Deposit] = None
 
-        assert client
-
         if external_id:
             try:
                 # find a deposit parent (same external id, status load to success)
diff --git a/swh/deposit/api/common.py b/swh/deposit/api/common.py
--- a/swh/deposit/api/common.py
+++ b/swh/deposit/api/common.py
@@ -860,11 +860,11 @@
         """
         return {}
 
-    def get_client(self, request) -> Optional[DepositClient]:
-        """Returns a DepositClient if request.user.username is not None"""
+    def get_client(self, request) -> DepositClient:
+        # This class depends on AuthenticatedAPIView, so request.user.username
+        # is always set
         username = request.user.username
-        if username is None:
-            return None
+        assert username is not None
 
         if self._client is None:
             try:
@@ -888,16 +888,14 @@
             collection = deposit.collection
 
         client = self.get_client(request)
-        if client:  # unauthenticated request can have the username empty
-            collection_id = collection.id
-            collections = client.collections
-            assert collections is not None
-            if collection_id not in collections:
-                raise DepositError(
-                    FORBIDDEN,
-                    f"Client {client.username} cannot access collection "
-                    f"{collection_name}",
-                )
+        collection_id = collection.id
+        collections = client.collections
+        assert collections is not None
+        if collection_id not in collections:
+            raise DepositError(
+                FORBIDDEN,
+                f"Client {client.username} cannot access collection {collection_name}",
+            )
 
         headers = self._read_headers(request)