XIVAuth makes a few OAuth scopes available to developers. Not all of these are intended for public consumption, but they will be documented anyways.
user: Base scope for access to core user information (user ID, verification status, etc.)
user:email: Scope to additionally retrieve the user’s email and verification status.user:social: Scope to additionally retrieve information about the user’s linked social identities. The user may elect which social identities (if any) to share with the requesting service.user:jwt: Scope to additionally request a JWT attestation for a specific user.character: Base scope for access to information about a single (verified) character belonging to a user. The user will be prompted to select the shared character when this scope is selected. All character scopes (except character:jwt) are mutually exclusive and will raise an error if multiple are used.
character:all: Scope to retrieve information about multiple (verified) characters. The user will be prompted to select which characters they would like to share with the requesting service.character:jwt: Scope to request generation of a JWT attestation to prove ownership of a specific character.character:manage: Scope to allow management of all characters on a user’s account.refresh: Scope to request a Refresh Token and persistent access to data.For security, anti-abuse, and general usability reasons, the user:jwt, character:jwt, and character:manage scopes will need to be manually requested and approved by the XIVAuth developer team in production. Developers in the staging environment may freely use these scopes.
These scopes are not suited for general purpose applications, and should only be considered under special use cases. If these scopes are to be used, you may be asked to provide information about your use case and why “standard” scopes are not sufficient. In some cases, a new feature will be added to the XIVAuth platform as a result of your request.