diff --git a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
index 3d79b71..5565d1b 100644
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@@ -115,10 +115,12 @@ public class OpenIdConnectRESTHelper {
 con.setRequestProperty("Authorization", authorization);
 }
 OutputStream os = con.getOutputStream();
+
+ String queryString = mapToQueryString(params);
 if (logger.isDebugEnabled()) {
- logger.debug("Sending parameters: " + params);
+ logger.debug("Parameters query string is: " + queryString);
 }
- os.write(mapToQueryString(params).getBytes("UTF-8"));
+ os.write(queryString.getBytes("UTF-8"));
 os.close();
 return con;
 }
@@ -156,16 +158,7 @@ public class OpenIdConnectRESTHelper {
 Map> params = new HashMap<>();
 params.put("grant_type", Arrays.asList("refresh_token"));
 if (clientId == null) {
- if (logger.isDebugEnabled()) {
- logger.debug("Client id not provided, using authorized party field (azp)");
- }
- clientId = token.getAzp();
- if (clientId == null) {
- if (logger.isDebugEnabled()) {
- logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
- }
- clientId = getFirstAudienceNoAccount(token);
- }
+ clientId = getClientIdFromToken(token);
 }
 params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
 if (clientSecret != null) {
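Review bot: The debug statement `logger.debug("Parameters query string is: " + queryString);` writes the complete form body to the log, and elsewhere in this diff the parameter map is filled with `refresh_token` and, behind the `clientSecret != null` branch, presumably the client secret. If those requests pass through this method (its start is outside the hunk, so this is inferred), anyone who can read debug logs obtains replayable credentials. Log the parameter names only, e.g. `logger.debug("Sending parameters: " + params.keySet());`, or mask the values of the sensitive keys before building the message.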
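Review bot: `URLEncoder.encode(clientId, "UTF-8")` directly after the new `getClientIdFromToken(token)` call still receives null when the token has no `azp` and no usable `aud` entry, assuming `getFirstAudienceNoAccount` can return null (its body is not shown). That surfaces as a bare NullPointerException from the encoder instead of a clear error, and the same pattern appears in the `logout` hunk (`@@ -194,7 +202,7 @@`). Add an explicit check after the fallback, for example `if (clientId == null) throw new IllegalArgumentException("client id not provided and not found in token");`. The enclosing method starts and ends outside the hunk.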
@@ -175,6 +168,21 @@ public class OpenIdConnectRESTHelper {
 return performQueryTokenWithPOST(tokenURL, null, params);
 }
 
+ protected static String getClientIdFromToken(JWTToken token) {
+ String clientId;
+ if (logger.isDebugEnabled()) {
+ logger.debug("Client id not provided, using authorized party field (azp)");
+ }
+ clientId = token.getAzp();
+ if (clientId == null) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
+ }
+ clientId = getFirstAudienceNoAccount(token);
+ }
+ return clientId;
+ }
+
 private static String getFirstAudienceNoAccount(JWTToken token) {
 // Trying to get it from the token's audience ('aud' field), getting the first except the 'account'
 List tokenAud = token.getAud();
@@ -194,7 +202,7 @@ public class OpenIdConnectRESTHelper {
 public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException {
 Map> params = new HashMap<>();
 if (clientId == null) {
- clientId = getFirstAudienceNoAccount(token);
+ clientId = getClientIdFromToken(token);
 }
 params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
 params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));
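Review bot: `getClientIdFromToken` is `protected static` and now decides which client a refresh or logout request is sent as, but it has no Javadoc stating the resolution order or what it returns when nothing matches. I would add a short Javadoc saying it returns the `azp` claim when present, otherwise the first `aud` entry other than `account`, that the result may be null (to be confirmed against `getFirstAudienceNoAccount`, whose body continues past the hunk), and that `token` must be non-null. The first debug message, "Client id not provided, …", describes the caller's state rather than the helper's own step; `"Resolving client id from authorized party field (azp)"` would stay accurate for any later caller.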