XIVAuth makes a few OAuth scopes available to developers. Not all of these are intended for public consumption, but they will be documented anyways.

• user: Base scope for access to core user information (user ID, verification status, etc.)
  • user:email: Scope to additionally retrieve the user’s email and verification status.
  • user:social: Scope to additionally retrieve information about the user’s linked social identities. The user may elect which social identities (if any) to share with the requesting service.
  • user:jwt: Scope to additionally request a JWT attestation for a specific user.
• character: Base scope for access to information about a single (verified) character belonging to a user. The user will be prompted to select the shared character when this scope is selected. All character scopes (except character:jwt) are mutually exclusive and will raise an error if multiple are used.
  • character:all: Scope to retrieve information about multiple (verified) characters. The user will be prompted to select which characters they would like to share with the requesting service.
  • character:jwt: Scope to request generation of a JWT attestation to prove ownership of a specific character.
  • character:manage: Scope to allow management of all characters on a user’s account.
• refresh: Scope to request a Refresh Token and persistent access to data.
• jwt:obo: Scope to allow this app to request JWT attestations for other apps