1 files changed, 9 insertions, 3 deletions

diff --git a/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py b/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
index bdd09b9..4c98864 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
@@ -141,6 +141,13 @@ class OpenIDConnectBase(object):
     def openid_authorization_validator(self, request):
         """Perform OpenID Connect specific authorization request validation.
 
+        nonce
+                OPTIONAL. String value used to associate a Client session with
+                an ID Token, and to mitigate replay attacks. The value is
+                passed through unmodified from the Authentication Request to
+                the ID Token. Sufficient entropy MUST be present in the nonce
+                values used to prevent attackers from guessing values
+
         display
                 OPTIONAL. ASCII string value that specifies how the
                 Authorization Server displays the authentication and consent
@@ -306,6 +313,7 @@ class OpenIDConnectBase(object):
 
         request_info = {
             'display': request.display,
+            'nonce': request.nonce,
             'prompt': prompt,
             'ui_locales': request.ui_locales.split() if request.ui_locales else [],
             'id_token_hint': request.id_token_hint,
@@ -336,9 +344,7 @@ class OpenIDConnectBase(object):
             desc = 'Request is missing mandatory nonce parameter.'
             raise InvalidRequestError(request=request, description=desc)
 
-        self._inflate_claims(request)
-
-        return {'nonce': request.nonce, 'claims': request.claims}
+        return {}
 
 
 class OpenIDConnectAuthCode(OpenIDConnectBase):