yurt-page / cgi-oauth

OAuth v2 OIDC for smallest devices

Chained nonce

stokito opened this issue · comments

The nonce is used by the server side to ensure that the submitted id_token wasn't used before.
But in fact we may have multiple parties who also want to check the id_token. It may be multiple microservices on the backend or simply a reverse proxy that can also be interested in authorization.

E.g. the jkl.mn proxy that forwards traffic to yurt may also log in a user for SSO between other yurts.

Each party may append its own part into nonce and then check it in the received id_token.

  1. Yurt: nonce: 1234
  2. Proxy: adds 5678 and the nonce becomes 12345678. It must store the position of the added nonce.
  3. An IdP signs an id_token and verification begins.
  4. Proxy extracts back its part and checks that it's equal to the stored one. If successful, forwards to yurt.
  5. Yurt does the same with the beginning part.

To correlate requests, a state may be used. Or use length prefixes. But it makes the flow much more difficult to implement. So for now let's assume only two nonces of a fixed size.
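The five steps above, walked through end to end. This is an added example written for this issue, not code from cgi-oauth; it assumes two fixed-size nonce parts (8 random bytes, 16 hex characters each), uses a constructed HMAC-signed token as a stand-in for a real IdP's JWS-signed id_token, and keeps each party's outstanding parts in memory so a replayed id_token is rejected at the first party that sees it again.

```python
"""Chained nonce: yurt issues a nonce, the proxy appends its own fixed-size part,
the IdP signs the id_token, the proxy strips and checks its part, yurt checks the rest.
Added illustration, not the project's code."""
import base64
import hashlib
import hmac
import json
import secrets

NONCE_BYTES = 8               # assumed fixed size of every party's nonce part
PART_LEN = NONCE_BYTES * 2    # hex-encoded length, so positions are implied, no length prefix needed

# --- stand-in IdP (constructed): HMAC in place of a real RS256/ES256 JWS signature ---
IDP_KEY = b"constructed-idp-key-for-illustration-only"


def idp_sign_id_token(nonce: str, sub: str = "alice") -> str:
    """Produce 'payload.signature' where the payload carries the nonce it received in the auth request."""
    payload = base64.urlsafe_b64encode(json.dumps({"sub": sub, "nonce": nonce}).encode()).decode().rstrip("=")
    sig = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def idp_verify_id_token(token: str) -> dict:
    """Check the signature before trusting any claim, including the nonce."""
    payload, sig = token.split(".", 1)
    expected = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("id_token signature invalid")
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


class Party:
    """A verifying party (yurt or proxy). Remembers the parts it issued and consumes each exactly once."""

    def __init__(self, name: str):
        self.name = name
        self.pending: set[str] = set()

    def issue(self, inner_nonce: str = "") -> str:
        """Append a fresh part to whatever nonce arrived from the inner party (yurt passes '')."""
        part = secrets.token_hex(NONCE_BYTES)
        self.pending.add(part)
        return inner_nonce + part

    def check(self, nonce: str) -> str:
        """Split off this party's trailing part, verify it is an outstanding one, consume it,
        and return the remaining inner nonce to forward. Raises on mismatch or replay."""
        if len(nonce) < PART_LEN:
            raise ValueError(f"{self.name}: nonce too short")
        inner, own = nonce[:-PART_LEN], nonce[-PART_LEN:]
        if own not in self.pending:
            raise ValueError(f"{self.name}: nonce part unknown or already used")
        self.pending.remove(own)
        return inner


def run_flow() -> tuple[str, str, bool]:
    """Steps 1-5 once. Returns (yurt nonce, chained nonce, replay rejected?)."""
    yurt, proxy = Party("yurt"), Party("proxy")
    n_yurt = yurt.issue()                      # 1. yurt: nonce
    n_chained = proxy.issue(n_yurt)            # 2. proxy appends its part
    token = idp_sign_id_token(n_chained)       # 3. IdP signs an id_token carrying the chained nonce
    claims = idp_verify_id_token(token)
    inner = proxy.check(claims["nonce"])       # 4. proxy checks its part, forwards the rest
    assert yurt.check(inner) == ""             # 5. yurt checks the beginning part
    try:                                       # the same id_token presented again is refused by the proxy
        proxy.check(idp_verify_id_token(token)["nonce"])
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return n_yurt, n_chained, replay_rejected


if __name__ == "__main__":
    print(run_flow())
```

Because both parts are the same fixed size, the proxy never has to store a position: its part is always the last 16 characters and yurt's is always the first 16. A tampered nonce fails at the signature check before any part is compared, and a nonce whose proxy part does not match an outstanding one is rejected without being forwarded to yurt.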