diff --git a/pom.xml b/pom.xml
index 2b01857..5c54a80 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>gcube-bom</artifactId>
-				<version>2.0.2</version>
+				<version>3.0.0-SNAPSHOT</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
diff --git a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
index 7d9a2cd..3886749 100644
--- a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
+++ b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
@@ -145,6 +145,7 @@ public class DefaultKeycloakClient implements KeycloakClient {
 
         try {
             params.put(AUDIENCE_PARAMETER, Arrays.asList(URLEncoder.encode(checkAudience(audience), "UTF-8")));
+            logger.trace("audience is {}", checkAudience(audience));
         } catch (UnsupportedEncodingException e) {
             logger.error("Can't URL encode audience: {}", audience, e);
         }
@@ -179,11 +180,12 @@ public class DefaultKeycloakClient implements KeycloakClient {
             String queryString = params.entrySet().stream()
                     .flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v))
                     .reduce((p1, p2) -> p1 + "&" + p2).orElse("");
-
+            
+            logger.trace("query string is {}", queryString);
+            
             request = GXHTTPStringRequest.newRequest(tokenURL.toString())
                     .header("Content-Type", "application/x-www-form-urlencoded").withBody(queryString);
 
-            request.isExternalCall(true);
             if (authorization != null) {
                 logger.debug("Adding authorization header as: {}", authorization);
                 request = request.header("Authorization", authorization);
@@ -205,7 +207,7 @@ public class DefaultKeycloakClient implements KeycloakClient {
                 throw new KeycloakClientException("Cannot construct token response object correctly", e);
             }
         } else {
-            throw KeycloakClientException.create("Unable to get token", response.getHTTPCode(),
+        	throw KeycloakClientException.create("Unable to get token", response.getHTTPCode(),
                     response.getHeaderFields()
                             .getOrDefault("content-type", Collections.singletonList("unknown/unknown")).get(0),
                     response.getMessage());
@@ -280,7 +282,6 @@ public class DefaultKeycloakClient implements KeycloakClient {
             request = GXHTTPStringRequest.newRequest(tokenURL.toString()).header("Content-Type",
                     "application/x-www-form-urlencoded").withBody(queryString);
 
-            request.isExternalCall(true);
         } catch (Exception e) {
             throw new KeycloakClientException("Cannot construct the request object correctly", e);
         }
@@ -336,7 +337,6 @@ public class DefaultKeycloakClient implements KeycloakClient {
             request = GXHTTPStringRequest.newRequest(introspectionURL.toString()).header("Content-Type",
                     "application/x-www-form-urlencoded").withBody(queryString);
 
-            request.isExternalCall(true);
             request = request.header("Authorization", constructBasicAuthenticationHeader(clientId, clientSecret));
         } catch (Exception e) {
             throw new KeycloakClientException("Cannot construct the request object correctly", e);