The “nonce” value is still important in the code flow for OAuth and OIDC flows to prevent CSRF attacks on the “Authorize” screen. This is a bug in our implementation, we’ll address shortly. Thanks for reporting!
For more information on nonces, http://openid.net/specs/openid-connect-core-1_0.html#NonceNotes provides the context we have built our OIDC implementation to