diff --git a/controllers/operator_methods.go b/controllers/operator_methods.go
index 7aa2e959a900857940a568d1679c938d726ccc74..7718841402c1be69f6eade3a9acacf6b4ab8c477 100644
--- a/controllers/operator_methods.go
+++ b/controllers/operator_methods.go
@@ -3,7 +3,6 @@ package controllers
 import (
 	"context"
 	"fmt"
-	"reflect"
 
 	routev1 "github.com/openshift/api/route/v1"
 	authzalpha1 "gitlab.cern.ch/paas-tools/operators/authz-operator/api/v1alpha1"
@@ -37,9 +36,10 @@ func (r *GitlabPagesSiteReconciler) getOidcSecret(ctx context.Context, gitlabPag
 		}
 	}
 
-	// Ensure we have a valid ApplicationRegistration registration, this only happens when we have exactly one ApplicationRegistration
-	// with a status set by the authz-operator and this status says provisioning succeeded
-	if !reflect.DeepEqual(appReg.Status, authzalpha1.ApplicationRegistrationStatus{}) && appReg.Status.ProvisioningStatus != "Created" {
+	// Ensure we have a valid ApplicationRegistration. This can happen when the ApplicationRegistration is `Created` (the website should be up and running)
+	// or when the ApplicationRegistration has state `DeletedFromAPI` (the website should be blocked). To check if the ApplicationRegistration is in one of those two states,
+	// we can check if the oidc secret exists.
+	if appReg.Status.ClientCredentialsSecret == "" {
 		meta.SetStatusCondition(&gitlabPagesSite.Status.Conditions, metav1.Condition{
 			Type:    webservicescernchv1alpha1.ConditionTypeGitlabPagesSiteCreated,
 			Status:  metav1.ConditionFalse,
@@ -51,11 +51,12 @@ func (r *GitlabPagesSiteReconciler) getOidcSecret(ctx context.Context, gitlabPag
 			return nil, err
 		}
 
-		err := fmt.Errorf("ApplicationRegistration %v still doesn't have ProvisioningStatus set to Created", appReg.Name)
+		err := fmt.Errorf("ApplicationRegistration %v still doesn't have ClientCredentialsSecret set to oidc-client-secret", appReg.Name)
 		r.logger.Info(err.Error())
 		return nil, err
 	}
 
+	// Retrieve OIDC secret
 	oidcSecret := &v1.Secret{}
 	namespacedName := types.NamespacedName{
 		Name:      appReg.Status.ClientCredentialsSecret,
@@ -67,6 +68,14 @@ func (r *GitlabPagesSiteReconciler) getOidcSecret(ctx context.Context, gitlabPag
 		return nil, err
 	}
 
+	// Validate that the secret contains the required data
+	requiredFields := []string{"clientID", "clientSecret", "issuerURL"}
+	for _, field := range requiredFields {
+		if value, exists := oidcSecret.Data[field]; !exists || len(value) == 0 {
+			return nil, fmt.Errorf("secret '%s' in namespace '%s' is missing required field or has empty value: %s", appReg.Status.ClientCredentialsSecret, gitlabPagesSite.Namespace, field)
+		}
+	}
+
 	return oidcSecret, nil
 }