diff --git a/pom.xml b/pom.xml
index d348fa9..cac27e0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,8 +8,10 @@
 gcube secrets
- scm:git:https://code-repo.d4science.org/gCubeSystem/gcube-secrets
- scm:git:https://code-repo.d4science.org/gCubeSystem/gcube-secrets
+
+ scm:git:https://code-repo.d4science.org/gCubeSystem/gcube-secrets
+
+ scm:git:https://code-repo.d4science.org/gCubeSystem/gcube-secrets
 https://code-repo.d4science.org/gCubeSystem/gcube-secrets
@@ -29,7 +31,7 @@
 org.gcube.distribution
 gcube-bom
- 3.0.0
+ 3.0.1-SNAPSHOT
 pom
 import
diff --git a/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java b/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java
index a90dac4..06a0dc0 100644
--- a/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java
+++ b/src/main/java/org/gcube/common/security/secrets/GCubeJWTObject.java
@@ -51,6 +51,7 @@ public class GCubeJWTObject {
 @JsonProperty("email")
 private String email;
+
 public List getRoles(){
 return contextAccess.get(this.context) == null ? MINIMAL_ROLES : contextAccess.get(this.context).roles;
 }
@@ -70,6 +71,10 @@ public class GCubeJWTObject {
 return contactOrganisation != null && contactOrganisation.equals(INTERNAL_CLIENT_ORGANISATION_NAME);
 }
+ public boolean isApplication() {
+ return clientId != null;
+ }
+
 public String getFirstName() {
 return firstName;
 }
diff --git a/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java b/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java
index fadb789..e1d0048 100644
--- a/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java
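Review bot: In GCubeJWTObject.java, the new `isApplication()` treats any token with a non-null `clientId` as an application, and nothing in the hunk says which claim that field maps to or why its mere presence is enough. An external-service token presumably carries a `clientId` as well, so an owner could end up flagged both external and application, whereas GCubeSecret.init() in this same commit maps `EXTERNALSERVICE` and `SERVICE` to mutually exclusive flags. If the two are meant to be exclusive, `return clientId != null && !isExternalService();` would keep both secret types consistent. Either way, a Javadoc line such as `/** True when the token carries a clientId claim, i.e. it was issued to a client rather than to a user. */` would make the rule auditable.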
@@ -23,16 +23,17 @@ public class GCubeSecret extends Secret {
 public GCubeSecret(String gcubeToken) {
 if( gcubeToken == null || gcubeToken.isEmpty())
- throw new RuntimeException("Invalid token: is null or empty");
+ throw new IllegalArgumentException("Invalid token: is null or empty");
 if(!Pattern.matches(GCUBE_TOKEN_REGEX, gcubeToken))
- throw new RuntimeException("Invalid token: the gCube token must comply with the regex " + GCUBE_TOKEN_REGEX);
+ throw new IllegalArgumentException("Invalid token: the gCube token must comply with the regex " + GCUBE_TOKEN_REGEX);
 this.gcubeToken = gcubeToken;
 }
 private void init() throws Exception{
 AuthorizationEntry authorizationEntry = Constants.authorizationService().get(gcubeToken);
 this.owner = new Owner(authorizationEntry.getClientInfo().getId(),
- authorizationEntry.getClientInfo().getRoles(), authorizationEntry.getClientInfo().getType()!=ClientType.USER);
+ authorizationEntry.getClientInfo().getRoles(), authorizationEntry.getClientInfo().getType()==ClientType.EXTERNALSERVICE,
+ authorizationEntry.getClientInfo().getType()==ClientType.SERVICE);
 this.context = authorizationEntry.getContext();
 }
diff --git a/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java b/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java
index bba3625..c0fd115 100644
--- a/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/UmaTokenSecret.java
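Review bot: In GCubeSecret.init(), the removed flag `getType()!=ClientType.USER` was true for every non-user client, while the two new flags are true only for `EXTERNALSERVICE` and `SERVICE`. Any other `ClientType` value (the enum is not visible in this hunk) now yields an `Owner` with both flags false, which callers presumably cannot tell apart from a user. If that narrowing is not intended, read the type once with `ClientType type = authorizationEntry.getClientInfo().getType();` and pass `type == ClientType.EXTERNALSERVICE, type != ClientType.USER && type != ClientType.EXTERNALSERVICE` so the fallback is explicit. A short comment naming the two adjacent boolean arguments would also help, since the `Owner` constructor is not visible here and the pair is easy to swap.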
@@ -68,14 +68,16 @@ public class UmaTokenSecret extends Secret {
 String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
 ObjectMapper objectMapper = new ObjectMapper();
+
+ this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
 GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
- owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
+ owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService(), obj.isApplication());
 owner.setClientName(obj.getClientName());
 owner.setContactOrganisation(obj.getContactOrganisation());
 owner.setClientName(obj.getClientName());
 context = obj.getContext();
- this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
+
 initialised = true;
 } catch (Exception e) {
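Review bot: Nothing in this hunk verifies the token before `obj.getRoles()`, `obj.isExternalService()` and the new `obj.isApplication()` are copied from the Base64-decoded payload into `Owner`. The enclosing method starts and ends outside the hunk, so please confirm that signature and issuer validation happen before these values can drive authorization. Separately, the context line decodes with `Base64.getDecoder()` and the platform charset; if `realAccessTokenEncoded` is a JWT payload segment it is base64url, and a payload containing `-` or `_` makes the basic decoder throw, which `new String(Base64.getUrlDecoder().decode(realAccessTokenEncoded), StandardCharsets.UTF_8)` avoids. Moving `this.accessToken = …` ahead of the `GCubeJWTObject` parse also means a failure in the second `readValue` leaves `accessToken` set while `owner` and `initialised` are not. Parsing into locals and assigning the fields together just before `initialised = true;` would avoid that partial state.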