diff --git a/server/handlers.go b/server/handlers.go
index cddb4c0d..a2b20f23 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -1538,9 +1538,11 @@ func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *http.Req
 		}
 	}
-	connID := "__client_credentials"
+	nonce := r.Form.Get("nonce")
-	accessToken, expiry, err := s.newAccessToken(ctx, client.ID, claims, scopes, "", connID)
+	connID := ""
+
+	accessToken, expiry, err := s.newAccessToken(ctx, client.ID, claims, scopes, nonce, connID)
 	if err != nil {
 		s.logger.ErrorContext(ctx, "client_credentials grant failed to create new access token", "err", err)
 		s.tokenErrHelper(w, errServerError, "", http.StatusInternalServerError)
@@ -1549,7 +1551,7 @@ func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *http.Req
 	var idToken string
 	if hasOpenIDScope {
-		idToken, expiry, err = s.newIDToken(ctx, client.ID, claims, scopes, "", accessToken, "", connID)
+		idToken, expiry, err = s.newIDToken(ctx, client.ID, claims, scopes, nonce, accessToken, "", connID)
 		if err != nil {
 			s.logger.ErrorContext(ctx, "client_credentials grant failed to create new ID token", "err", err)
 			s.tokenErrHelper(w, errServerError, "", http.StatusInternalServerError)
diff --git a/server/handlers_test.go b/server/handlers_test.go
index 1b586f31..cf050d91 100644
--- a/server/handlers_test.go
+++ b/server/handlers_test.go
@@ -791,7 +791,7 @@ func TestHandleClientCredentials(t *testing.T) {
 		// Decode the subject to verify the connector ID.
 		var sub internal.IDTokenSubject
 		require.NoError(t, internal.Unmarshal(idToken.Subject, &sub))
-		require.Equal(t, "__client_credentials", sub.ConnId)
+		require.Equal(t, "", sub.ConnId)
 		require.Equal(t, tc.clientID, sub.UserId)
 		var claims struct {
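Review bot: The new `nonce := r.Form.Get("nonce")` goes straight into `s.newAccessToken(...)` with no length or character-set check, so an authenticated client can inflate every token it mints with an arbitrarily long value; the token request is the only place this value is validated, and the hunk validates nothing. Reject oversized input before minting, e.g. `if len(nonce) > 256 { s.tokenErrHelper(w, errInvalidRequest, "nonce is too long", http.StatusBadRequest); return }` (using whatever invalid-request error value this file already defines, if `errInvalidRequest` is not its name). Separately, replacing `connID := "__client_credentials"` with `connID := ""` changes the encoded subject of every client_credentials token — the test hunk confirms `sub.ConnId` is now empty — so relying parties that key on the old `sub` value will see a different subject after upgrade; the reason for dropping the sentinel is not visible here and deserves a comment at that line, e.g. `// connID is intentionally empty for the client_credentials grant; note this changes the encoded sub claim versus the former "__client_credentials" sentinel.` handleClientCredentialsGrant begins before and ends after this hunk.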
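Review bot: Forwarding `nonce` into `s.newIDToken(...)` for the client_credentials grant echoes a token-request parameter into the ID token, but an OIDC nonce exists to bind an ID token to the authorization request it answers, and this grant has no authorization request, so the claim gives the consumer no replay protection beyond "the client sent this string". That is presumably intentional for clients that demand a nonce claim, but the call site should say so, e.g. `// nonce is echoed verbatim from the token request; it is not bound to any authorization request and must not be relied on for replay protection.` The `if hasOpenIDScope {` block opened here closes outside the hunk, and the enclosing handler starts and ends outside it.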