diff --git a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
index b220716..3d79b71 100644
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@@ -156,7 +156,16 @@ public class OpenIdConnectRESTHelper {
         Map<String, List<String>> params = new HashMap<>();
         params.put("grant_type", Arrays.asList("refresh_token"));
         if (clientId == null) {
-            clientId = getFirstAudienceNoAccount(token);
+            if (logger.isDebugEnabled()) {
+                logger.debug("Client id not provided, using authorized party field (azp)");
+            }
+            clientId = token.getAzp();
+            if (clientId == null) {
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
+                }
+                clientId = getFirstAudienceNoAccount(token);
+            }
         }
         params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
         if (clientSecret != null) {