diff --git a/src/main/java/com/bettercloud/vault/response/AuthResponse.java b/src/main/java/com/bettercloud/vault/response/AuthResponse.java
index 0c3449ae..761b9e82 100644
--- a/src/main/java/com/bettercloud/vault/response/AuthResponse.java
+++ b/src/main/java/com/bettercloud/vault/response/AuthResponse.java
@@ -24,6 +24,7 @@ public class AuthResponse extends VaultResponse {
 private String appId;
 private String userId;
 private String username;
+ private String nonce;
 /**
 * This constructor simply exposes the common base class constructor.
@@ -47,6 +48,7 @@ public AuthResponse(final RestResponse restResponse, final int retries) {
 appId = metadata.getString("app-id", "");
 userId = metadata.getString("user-id", "");
 username = metadata.getString("username", "");
+ nonce = metadata.getString("nonce", "");
 }
 authClientToken = authJsonObject.getString("client_token", "");
 final JsonArray authPoliciesJsonArray = authJsonObject.get("policies").asArray();
@@ -89,4 +91,6 @@ public String getAppId() {
 public String getUserId() {
 return userId;
 }
+
+ public String getNonce() { return nonce; }
 }
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java b/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
index d5c943d8..d3d14d63 100644
--- a/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
+++ b/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
@@ -4,6 +4,7 @@
 import com.bettercloud.vault.VaultConfig;
 import com.bettercloud.vault.VaultException;
 import com.bettercloud.vault.json.JsonObject;
+import com.bettercloud.vault.response.AuthResponse;
 import com.bettercloud.vault.vault.VaultTestUtils;
 import com.bettercloud.vault.vault.mock.AuthRequestValidatingMockVault;
 import org.eclipse.jetty.server.Server;
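Review bot: In the `AuthResponse` constructor hunk, `nonce` is assigned only inside the metadata block that the `}` after the new line closes, and the field added in the first hunk has no initializer, so `getNonce()` would return `null` rather than `""` whenever that block is skipped. The block's opening condition lies outside the hunk, so whether it can be skipped is inferred, not shown. Declaring the field as `private String nonce = "";` or stating the null case on the getter would make the contract explicit. The sibling fields `appId`, `userId` and `username` appear to behave the same way.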
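Review bot: `getNonce()` at the end of `AuthResponse` is added without Javadoc and on a single line, while `getUserId()` directly above it uses the expanded form. A short Javadoc should say that the value is read from the `nonce` entry of the auth metadata and is `""` when the server sends none. As far as I know, in Vault's AWS EC2 auth method this nonce is what the instance has to present again on later logins, so the comment should also tell callers to store it like a credential and keep it out of logs. For layout, match the neighbours: `public String getNonce() {`, `return nonce;`, `}`.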
@@ -41,15 +42,19 @@ public void testLoginByAwsEc2Id() throws Exception {
 final Vault vault = new Vault(vaultConfig);
 String token = null;
+ String nonce = null;
 try {
- token = vault.auth()
- .loginByAwsEc2("role", "identity", "signature", null, null)
- .getAuthClientToken();
+ AuthResponse response = vault.auth()
+ .loginByAwsEc2("role", "identity", "signature", null, null);
+ nonce = response.getNonce();
+ token = response.getAuthClientToken();
 } catch (VaultException ignored) {
 }
 server.stop();
+ assertNotNull(nonce);
+ assertEquals("5defbf9e-a8f9-3063-bdfc-54b7a42a1f95", nonce.trim());
 assertNotNull(token);
 assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
@@ -80,15 +85,18 @@ public void testLoginByAwsEc2Pkcs7() throws Exception {
 System.out.println("Running Aws EC2 test");
 String token = null;
+ String nonce = null;
 try {
- token = vault.auth()
- .loginByAwsEc2("role", "pkcs7", null, null)
- .getAuthClientToken();
+ AuthResponse response = vault.auth().loginByAwsEc2("role", "pkcs7", null, null);
+ nonce = response.getNonce();
+ token = response.getAuthClientToken();
 } catch (VaultException ignored) {
 }
 server.stop();
+ assertNotNull(nonce);
+ assertEquals("5defbf9e-a8f9-3063-bdfc-54b7a42a1f95", nonce.trim());
 assertNotNull(token);
 assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
 }
@@ -114,13 +122,16 @@ public void testLoginByAwsIam() throws Exception {
 .build();
 final Vault vault = new Vault(vaultConfig);
- final String token = vault.auth()
+ AuthResponse response = vault.auth()
 .loginByAwsIam("role", "url", "body", "headers",
- null)
- .getAuthClientToken();
+ null);
+ final String nonce = response.getNonce();
+ final String token = response.getAuthClientToken();
 server.stop();
+ assertNotNull(nonce);
+ assertEquals("5defbf9e-a8f9-3063-bdfc-54b7a42a1f95", nonce.trim());
 assertNotNull(token);
 assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
 }
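Review bot: In `testLoginByAwsEc2Id` the new `response.getNonce()` call sits inside the existing `try` whose `catch (VaultException ignored)` discards the error, so a failed login surfaces only as `assertNotNull(nonce)` failing with no cause attached; the `testLoginByAwsEc2Pkcs7` hunk has the same shape. Both methods already declare `throws Exception`, so the try/catch could be dropped and the result held in a final local as `testLoginByAwsIam` does, e.g. `final AuthResponse response = vault.auth().loginByAwsEc2("role", "identity", "signature", null, null);`. Moving `server.stop()` into a `finally` would then keep the mock server from staying up when the login throws. Both method bodies begin outside their hunks.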
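Review bot: `testLoginByAwsIam` asserts a populated nonce only because the shared mock fixture returns an EC2-shaped body (`"auth_type": "ec2"` in `AuthRequestValidatingMockVault`), so no test in this change exercises a response whose metadata has no `nonce` entry. A case that serves metadata without the key and checks `assertEquals("", response.getNonce());` would pin the default that the constructor relies on. `AuthResponse response` could also be declared `final` to match the `final String nonce` and `final String token` lines that follow it.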
diff --git a/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java b/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java
index e3d5cb95..687d9333 100644
--- a/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java
+++ b/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java
@@ -19,7 +19,8 @@ public class AuthRequestValidatingMockVault extends MockVault {
 " \"instance_id\": \"i-de0f1344\",\n" +
 " \"ami_id\": \"ami-fce36983\",\n" +
 " \"role\": \"dev-role\",\n" +
- " \"auth_type\": \"ec2\"\n" +
+ " \"auth_type\": \"ec2\",\n" +
+ " \"nonce\": \"5defbf9e-a8f9-3063-bdfc-54b7a42a1f95\"\n" +
 " },\n" +
 " \"policies\": [\n" +
 " \"default\",\n" +