diff --git a/src/apps/oauth/oauth.c b/src/apps/oauth/oauth.c
index 9e42597..1003927 100644
--- a/src/apps/oauth/oauth.c
+++ b/src/apps/oauth/oauth.c
@@ -114,7 +114,10 @@ static int encode_token(const char* server_name,
         encoded_oauth_token etoken;
         ns_bzero(&etoken,sizeof(etoken));
 
-        if (encode_oauth_token((const u08bits *) server_name, &etoken, &key, &ot, (const u08bits*)gcm_nonce) < 0) {
+        // TODO: avoid this hack
+        if (!*gcm_nonce) gcm_nonce='\0';
+
+        if (encode_oauth_token((const u08bits *) server_name, &etoken, &key, &ot,(const u08bits *) gcm_nonce) < 0) {
                 fprintf(stderr, "%s: cannot encode oauth token\n",
                                 __FUNCTION__);
                 return -1;
@@ -152,6 +155,12 @@ static int validate_decode_token(const char* server_name,
 
 static void print_token_body(oauth_token* dot) {
         printf("\n");
+        printf("Token non-encrpyted body:\n");
+        printf("{\n");
+        size_t base64encoded_nonce_length;
+        const char *base64encoded_nonce = base64_encode((unsigned char *)dot->enc_block.nonce, dot->enc_block.nonce_length,&base64encoded_nonce_length); 
+        printf("    nonce: %s\n", base64encoded_nonce);
+        printf("    nonce length: %d\n", (int) dot->enc_block.nonce_length);
         printf("Token encrpyted body:\n");
         printf("{\n");
         printf("    mac key: %s\n", (char*) dot->enc_block.mac_key);
diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index 1ad98e0..dde54fb 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -2511,6 +2511,7 @@ static int decode_oauth_token_gcm(const u08bits *server_name, const encoded_oaut
 		const unsigned char *csnl = snl;
 
 		uint16_t nonce_len = nswap16(*((const uint16_t*)csnl));
+                dtoken->enc_block.nonce_length = nonce_len;
 
 		size_t min_encoded_field_size = 2+4+8+nonce_len+2+OAUTH_GCM_TAG_SIZE+1;
 		if(etoken->size < min_encoded_field_size) {
@@ -2521,6 +2522,7 @@ static int decode_oauth_token_gcm(const u08bits *server_name, const encoded_oaut
 		const unsigned char* encoded_field = (const unsigned char*)(etoken->token + nonce_len + 2);
 		unsigned int encoded_field_size = (unsigned int)etoken->size - nonce_len - 2 - OAUTH_GCM_TAG_SIZE;
 		const unsigned char* nonce = ((const unsigned char*)etoken->token + 2);
+                ns_bcopy(nonce,dtoken->enc_block.nonce,nonce_len);
 
 		unsigned char tag[OAUTH_GCM_TAG_SIZE];
 		ns_bcopy(((const unsigned char*)etoken->token) + nonce_len + 2 + encoded_field_size, tag ,sizeof(tag));