The flag to indicate whether this property is hidden from client
applications.
If a property is not hidden, the property will come along with
an access token. For example, if you set the properties request
parameter as follows when you call Authlete /auth/token API,
[
{
"key":"example_parameter",
"value":"example_value",
"hidden":false
}
]
The value of responseContent in the response from the API will
contain the pair of example_parameter and example_value like
below,
{
...
"responseContent": "{\"access_token\":\"(abbrev)\",\"example_parameter\":\"example_value\",...}"
}
and this will result in that the client application will receive
a JSON which contains the pair like the following.
{
"access_token":"(abbrev)",
"example_parameter":"example_value",
...
}
On the other hand, if you mark a property as hidden like
below,
[
{
"key":"hidden_parameter",
"value":"hidden_value",
"hidden":true
}
]
The client application will never see the property in any response
from your authorization server. However, of course, the property
is still associated with the access token and it can be confirmed
by calling Authlete /auth/introspection API (which is an
API to get information about an access token). A response from
the API contains all properties associated with the given access
token regardless of whether they are hidden or visible. The
following is an example from Authlete introspection API.
{
"type":"introspectionResponse",
"resultCode":"A056001",
"resultMessage":"[A056001] The access token is valid.",
"action":"OK",
"clientId":5008706718,
"existent":true,
"expiresAt":1463310477000,
"properties":[
{
"hidden":false,
"key":"example_parameter",
"value":"example_value"
},
{
"hidden":true,
"key":"hidden_parameter",
"value":"hidden_value"
}
],
"refreshable":true,
"responseContent":"Bearer error=\"invalid_request\"",
"subject":"user123",
"sufficient":true,
"usable":true
}