diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e30808b..2fd77a8 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -2,17 +2,17 @@ on:
 workflow_dispatch: inputs: logLevel:
- description: 'Log level'
+ description: 'Log level'
 required: true
- default: 'warning'
+ default: 'warning'
 type: choice options: - info - warning
- - debug
+ - debug
 tags: description: 'Tags'
- required: false
+ required: false
 type: boolean release: types: [created]
@@ -28,7 +28,7 @@ jobs:
 node-version: '16' - uses: actions/setup-go@v2 with:
- go-version: '^1.17.3'
+ go-version: '^1.19.1'
 - name: Install dependencies run: | sudo apt-get install build-essential wget zip gcc-mingw-w64 && \
diff --git a/app/src/Root.tsx b/app/src/Root.tsx
index cf1041e..522e4ca 100644
--- a/app/src/Root.tsx
+++ b/app/src/Root.tsx
@@ -39,6 +39,7 @@ export default function Root({
 ? searchParams.get('scope')?.toString().split(' ') : ['openid', 'profile', 'email']; const code = searchParams.get('code') || ''
+ const nonce = searchParams.get('nonce') || ''
 const urlProps: Record = { state,
@@ -64,6 +65,10 @@ export default function Root({
 params += `&code=${code}` }
+ if (nonce !== '') {
+ params += `&nonce=${nonce}`
+ }
+
 if (token.refresh_token) { params += `&refresh_token=${token.refresh_token}`; }
diff --git a/server/handlers/authorize.go b/server/handlers/authorize.go
index 8dfcbc9..c99cba8 100644
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
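Review bot: In app/src/Root.tsx the new `nonce` is appended to `params` without URL-encoding, in the hunk at -64 (it is read from the query string in the hunk at -39). `searchParams.get` returns the decoded value, so a nonce containing `&`, `#` or `=` is re-emitted raw and can add or override parameters in the URL this component builds. The append should be ``params += `&nonce=${encodeURIComponent(nonce)}` ``; the `code` append in the context line just above has the same shape. Root's body starts and ends outside both hunks, so where `params` is finally used is not visible here.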
@@ -85,7 +85,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 memorystore.Provider.SetState(codeChallenge, code) // used for response mode query or fragment
- loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code
+ loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code + "&nonce=" + nonce
 loginURL := "/app?" + loginState if responseMode == constants.ResponseModeFragment {
@@ -191,7 +191,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 // }, // })
- params := "code=" + code + "&state=" + state
+ params := "code=" + code + "&state=" + state + "&nonce=" + nonce
 if responseMode == constants.ResponseModeQuery { if strings.Contains(redirectURI, "?") { redirectURI = redirectURI + "&" + params
@@ -246,7 +246,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 } // used of query mode
- params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code
+ params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code + "&nonce=" + nonce
 res := map[string]interface{}{ "access_token": authToken.AccessToken.Token,
@@ -256,6 +256,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 "token_type": "Bearer", "expires_in": expiresIn, "code": code,
+ "nonce": nonce,
 } if authToken.RefreshToken != nil {
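Review bot: `nonce` is concatenated into `loginState` unescaped in the hunk at -85, so a value containing `&`, `#` or `%` changes the meaning of the login URL. The `params` strings in the hunks at -191 and -246, which are appended to `redirectURI`, have the same problem. Where `nonce` is assigned lies outside these hunks, but if it is taken from the authorize request it is client-controlled and can smuggle extra parameters into the redirect. Use `"&nonce=" + url.QueryEscape(nonce)` (this needs `net/url`; the file's import block is not visible here), or build the query with `url.Values` and `Encode()`. AuthorizeHandler's body starts and ends outside the hunk.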
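Review bot: Returning `nonce` as a loose parameter next to `id_token` in `params` (hunk at -246), and as a `"nonce"` key in the `res` map (hunk at -256), gives the client no replay protection by itself. In OpenID Connect the client compares the value it sent with the `nonce` claim inside the signed ID token, and a parameter outside the token is not covered by that signature. Whether `authToken.IDToken` is minted with this nonce as a claim is not visible in the diff and is worth confirming. A comment beside the new map entry would make the contract explicit: `// echoed for convenience only; clients must verify the nonce claim inside id_token`.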