diff --git a/lms/djangoapps/course_api/blocks/serializers.py b/lms/djangoapps/course_api/blocks/serializers.py
index 3bbd41aa35..044f233fb9 100644
--- a/lms/djangoapps/course_api/blocks/serializers.py
+++ b/lms/djangoapps/course_api/blocks/serializers.py
@@ -8,6 +8,25 @@ from rest_framework.reverse import reverse
 from .transformers import SUPPORTED_FIELDS
 
 
+# This lists the names of all fields that are allowed
+# to be show to users who do not have access to a particular piece
+# of content
+FIELDS_ALLOWED_IN_AUTH_DENIED_CONTENT = [
+ "display_name",
+ "block_id",
+ "student_view_url",
+ "student_view_multi_device",
+ "lms_web_url",
+ "type",
+ "id",
+ "block_counts",
+ "graded",
+ "descendants",
+ "authorization_denial_reason",
+ "authorization_denial_message",
+]
+
+
 class BlockSerializer(serializers.Serializer): # pylint: disable=abstract-method
 """
 Serializer for single course block
@@ -40,15 +59,6 @@ class BlockSerializer(serializers.Serializer): # pylint: disable=abstract-metho
 authorization_denial_reason = block_structure.get_xblock_field(block_key, 'authorization_denial_reason')
 authorization_denial_message = block_structure.get_xblock_field(block_key, 'authorization_denial_message')
 
- if authorization_denial_reason and authorization_denial_message:
- data = {
- 'id': unicode(block_key),
- 'block_id': unicode(block_key.block_id),
- 'authorization_denial_reason': authorization_denial_reason,
- 'authorization_denial_message': authorization_denial_message
- }
- return data
-
 data = {
 'id': unicode(block_key),
 'block_id': unicode(block_key.block_id),
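Review bot: `FIELDS_ALLOWED_IN_AUTH_DENIED_CONTENT` lists `descendants` and `block_counts` but not `children`, and because the serializer later sets `data['children']` and then deletes every key outside this list, a gated block comes back without its direct `children` while its `descendants` survive; if hiding children of gated content is not intended, add `"children",` next to `"descendants",`, and either way the comment should state which it is. The comment also has a typo (`to be show` → `to be shown`) and would serve a future maintainer better if it named the security property, e.g. `# Allow-list of fields that may be exposed for a block the user is not authorized to see; every other key is stripped from the serialized block, so only add a field here if it reveals nothing about the gated content.` A `frozenset` would express an allow-list's intent more clearly than a list, though with this few membership tests that is a point of style only.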
@@ -89,6 +99,13 @@ class BlockSerializer(serializers.Serializer): # pylint: disable=abstract-metho
 if children:
 data['children'] = [unicode(child) for child in children]
 
+ if authorization_denial_reason and authorization_denial_message:
+ data['authorization_denial_reason'] = authorization_denial_reason
+ data['authorization_denial_message'] = authorization_denial_message
+ for field in data.keys(): # pylint: disable=consider-iterating-dictionary
+ if field not in FIELDS_ALLOWED_IN_AUTH_DENIED_CONTENT:
+ del data[field]
+
 return data
 
 
diff --git a/openedx/features/content_type_gating/tests/test_access.py b/openedx/features/content_type_gating/tests/test_access.py
index 65f9c38f83..afcc7f328a 100644
--- a/openedx/features/content_type_gating/tests/test_access.py
+++ b/openedx/features/content_type_gating/tests/test_access.py
@@ -135,12 +135,19 @@ def _assert_block_is_gated(block, is_gated, user, course, request_factory, has_u
 fake_request = request_factory.get('')
 with patch('lms.djangoapps.course_api.blocks.api.is_request_from_mobile_app', return_value=True):
- blocks = get_blocks(fake_request, course.location, user=user)
+ requested_fields = ['display_name', 'block_id', 'student_view_url', 'student_view_data']
+ blocks = get_blocks(fake_request, course.location, user=user, requested_fields=requested_fields, student_view_data=['html'])
 course_api_block = blocks['blocks'][str(block.location)]
 
 if is_gated:
 assert 'authorization_denial_reason' in course_api_block
+ assert "display_name" in course_api_block
+ assert "block_id" in course_api_block
+ assert "student_view_url" in course_api_block
+ assert "student_view_data" not in course_api_block
 else:
 assert 'authorization_denial_reason' not in course_api_block
+ if block.category == 'html':
+ assert 'student_view_data' in course_api_block
 
 
 def _assert_block_is_empty(block, user_id, course, request_factory):
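Review bot: `for field in data.keys(): ... del data[field]` mutates the dict while iterating it, which only works because `keys()` returns a list on Python 2 (the file still calls `unicode`); on Python 3 the same loop raises `RuntimeError: dictionary changed size during iteration`, and the pylint disable hides the warning that would have pointed at this. Rebuilding the dict is portable and needs no disable: `data = {k: v for k, v in data.items() if k in FIELDS_ALLOWED_IN_AUTH_DENIED_CONTENT}`. Separately, the allow-list is only enforced when both `authorization_denial_reason` and `authorization_denial_message` are truthy, so a block whose transformer sets a reason with an empty message is serialized in full, including whatever the caller requested; unless the message is guaranteed to accompany the reason, gate on `if authorization_denial_reason:` and set the message key only when it is present. The enclosing method starts outside this hunk.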
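Review bot: In the gated branch of `_assert_block_is_gated` the only negative check is `assert "student_view_data" not in course_api_block`, yet the ungated branch expects `student_view_data` to be present only when `block.category == 'html'`, so for any non-html block the gated assertion passes vacuously and does not show that the filter removed anything. Either guard the gated assertion with the same `block.category == 'html'` condition, or also request a field that the block under test is known to produce but that the allow-list omits, and assert it is absent for the gated case. The function's signature is truncated in the hunk header and its body continues outside the hunk.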