The flag which indicates whether this property is hidden from the client application or not.
If a property is not hidden, information about the property will be sent back to the client application with an access token. For example, if you set the "properties" request parameter as follows when you call Authlete's /api/auth/token API,
"properties": [
  {
    "key": "example_parameter",
    "value": "example_value",
    "hidden": false
  }
]
The value of the "responseContent" response parameter in the response from the API will contain the pair of "example_parameter" and "example_value" like below.
"responseContent": "{\"access_token\":\"(abbrev)\",\"example_parameter\":\"example_value\",...}"
As a result, the client application will receive JSON that contains the pair, like the following.
{
  "access_token": "(abbrev)",
  "example_parameter": "example_value",
  ...
}
On the other hand, if you mark a property as hidden like below,
"properties": [
  {
    "key": "hidden_parameter",
    "value": "hidden_value",
    "hidden": true
  }
]
the client application will never see the property in any response from your authorization server. However, of course, the property is still associated with the access token and it can be confirmed by calling Authlete's /api/auth/introspection API (which is an API to get information about an access token). A response from the API contains all properties associated with the given access token regardless of whether they are hidden or visible. The following is an example response from Authlete's /api/auth/introspection API.
{
  "type": "introspectionResponse",
  "resultCode": "A056001",
  "resultMessage": "[A056001] The access token is valid.",
  "action": "OK",
  "clientId": 5008706718,
  "existent": true,
  "expiresAt": 1463310477000,
  "properties": [
    {
      "hidden": false,
      "key": "example_parameter",
      "value": "example_value"
    },
    {
      "hidden": true,
      "key": "hidden_parameter",
      "value": "hidden_value"
    }
  ],
  "refreshable": true,
  "responseContent": "Bearer error=\"invalid_request\"",
  "subject": "user123",
  "sufficient": true,
  "usable": true
}
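
Because the introspection response returns hidden and visible properties together, a server that builds client-facing output from it has to filter on the flag itself. The following is an added example, not Authlete's own code: split_properties and client_safe_view are hypothetical helper names, the shape of the client-facing view is an assumption, and the sample input is the example response above trimmed to the fields used.

```python
import json

# Introspection response from the example above, trimmed to the fields used here.
SAMPLE_INTROSPECTION = json.loads("""
{
  "action": "OK",
  "clientId": 5008706718,
  "expiresAt": 1463310477000,
  "properties": [
    {"hidden": false, "key": "example_parameter", "value": "example_value"},
    {"hidden": true,  "key": "hidden_parameter",  "value": "hidden_value"}
  ],
  "subject": "user123",
  "usable": true
}
""")


def split_properties(introspection):
    """Return (visible, hidden) dicts of the token's extra properties.

    Fails closed: a property counts as visible only when "hidden" is the
    JSON literal false; a missing or malformed flag is treated as hidden.
    """
    visible, hidden = {}, {}
    for prop in introspection.get("properties") or []:
        key = prop.get("key")
        if not isinstance(key, str) or not key:
            continue  # skip entries without a usable key
        target = visible if prop.get("hidden") is False else hidden
        target[key] = prop.get("value")
    return visible, hidden


def client_safe_view(introspection):
    """Build the only view of a token that may go back to the client.

    Hypothetical helper (assumed response shape): the server keeps the
    hidden dict for its own decisions and never serializes it.
    """
    visible, _hidden = split_properties(introspection)
    return {
        "subject": introspection.get("subject"),
        "expires_at": introspection.get("expiresAt"),
        "properties": visible,
    }
```

Hidden values stay available to the server through the second return value of split_properties, so authorization logic can use them without them ever reaching a response body.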