diff --git a/website/oauth2.py b/website/oauth2.py
index 955360c..cec29a9 100644
--- a/website/oauth2.py
+++ b/website/oauth2.py
@@ -122,7 +122,7 @@ def config_oauth(app):
 # support all openid grants
 authorization.register_grant(AuthorizationCodeGrant, [
- OpenIDCode(require_nonce=True),
+ OpenIDCode(require_nonce=app.config['REQUIRE_NONCE']),
 ])
 authorization.register_grant(ImplicitGrant)
 authorization.register_grant(HybridGrant)
diff --git a/website/settings.py b/website/settings.py
index 3d15b10..5fcf840 100644
--- a/website/settings.py
+++ b/website/settings.py
@@ -3,3 +3,5 @@
 OAUTH2_JWT_ISS = 'https://authlib.org'
 OAUTH2_JWT_KEY = 'secret-key'
 OAUTH2_JWT_ALG = 'HS256'
+
+REQUIRE_NONCE = False
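Review bot: The subscript lookup `app.config['REQUIRE_NONCE']` in the `OpenIDCode(...)` argument raises `KeyError` during `config_oauth` for any application whose config does not define the key, and the only definition visible in this commit is in website/settings.py. Reading it as `OpenIDCode(require_nonce=app.config.get('REQUIRE_NONCE', True)),` keeps the previous strict behaviour as the fallback, so a missing setting fails closed instead of aborting start-up. Only the authorization-code grant is touched here; `ImplicitGrant` and `HybridGrant` are registered unchanged. The body of `config_oauth` starts above this hunk, so how `app.config` is populated is not visible.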
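Review bot: The shipped default `REQUIRE_NONCE = False` relaxes a check that was hard-coded to `True` before this commit, so authorization-code requests without a nonce are accepted unless a deployment overrides the setting. The nonce ties the ID token to the client's original request and lets the client detect a replayed token, so the safer default is `REQUIRE_NONCE = True` with an explicit opt-out. The setting also has no comment; something like `# Require the OIDC nonce on authorization-code requests; set False only for clients that cannot send one.` above it would record why it exists.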