diff --git a/controller/PostgreSQL.cpp b/controller/PostgreSQL.cpp
index 630143ad3..743c510a8 100644
--- a/controller/PostgreSQL.cpp
+++ b/controller/PostgreSQL.cpp
@@ -333,7 +333,7 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member)
 		// find an unused nonce, if one exists.
 		pqxx::result r = w.exec_params("SELECT nonce FROM ztc_sso_expiry "
 			"WHERE network_id = $1 AND member_id = $2 "
-			"AND authentication_expiry_time IS NULL AND ((NOW() AT TIME ZONE 'UTC') <= nonce_expiry",
+			"AND authentication_expiry_time IS NULL AND ((NOW() AT TIME ZONE 'UTC') <= nonce_expiry)",
 			networkId, memberId);
 
 		if (r.size() == 1) {