The flag to indicate whether this property is hidden from client
applications.
If a property is not hidden, the property will come along with
an access token. For example, if you set the properties
request
parameter as follows when you call Authlete /auth/token
API,
[
{
"key":"example_parameter",
"value":"example_value",
"hidden":false
}
]
The value of responseContent
in the response from the API will
contain the pair of example_parameter
and example_value
like
below,
{
...
"responseContent": "{\"access_token\":\"(abbrev)\",\"example_parameter\":\"example_value\",...}"
}
and this will result in that the client application will receive
a JSON which contains the pair like the following.
{
"access_token":"(abbrev)",
"example_parameter":"example_value",
...
}
On the other hand, if you mark a property as hidden like
below,
[
{
"key":"hidden_parameter",
"value":"hidden_value",
"hidden":true
}
]
The client application will never see the property in any response
from your authorization server. However, of course, the property
is still associated with the access token and it can be confirmed
by calling Authlete /auth/introspection
API (which is an
API to get information about an access token). A response from
the API contains all properties associated with the given access
token regardless of whether they are hidden or visible. The
following is an example from Authlete introspection API.
{
"type":"introspectionResponse",
"resultCode":"A056001",
"resultMessage":"[A056001] The access token is valid.",
"action":"OK",
"clientId":5008706718,
"existent":true,
"expiresAt":1463310477000,
"properties":[
{
"hidden":false,
"key":"example_parameter",
"value":"example_value"
},
{
"hidden":true,
"key":"hidden_parameter",
"value":"hidden_value"
}
],
"refreshable":true,
"responseContent":"Bearer error=\"invalid_request\"",
"subject":"user123",
"sufficient":true,
"usable":true
}