Support Tableau Connected Apps JWT Authentication with Site and Scope Enforcement #79

@JRamosMRAS

Description

Is your feature request related to a problem? Please describe.

We are building an LLM-driven chatbot application that uses tableau-mcp to query Tableau content.

Our Tableau Server/Cloud environment is multi-tenant, with multiple Tableau Sites—each tenant has its own site, and strict data isolation is required so users cannot see data from another tenant's site.

Currently, tableau-mcp authentication is based on Personal Access Tokens (PATs) or other static credentials tied to a Tableau user account. This has two limitations for our use case:

  1. Lack of ephemeral, scoped authentication per request — we cannot dynamically issue short-lived, tenant-specific credentials.
  2. No built-in site restriction — PATs are tied to a user, not to an enforced site_id in the MCP layer, meaning we must manage tenant separation manually.

This makes it challenging to implement secure, per-tenant isolation in a dynamic, multi-user, LLM-based application without risking cross-tenant data exposure.


Describe the solution you'd like

We propose adding support for Tableau Connected Apps JWT authentication with access scopes in tableau-mcp.

When enabled, the MCP server should:

  1. Validate incoming JWTs
    • Verify the signature using the Connected App's public key.
    • Check standard claims (iss, aud, exp, sub).
    • Read scp (scopes) from the JWT to determine allowed API actions.
  2. Enforce scope-based permissions
    • Map Tableau scopes (per Connected Apps scopes docs) to MCP API endpoints.
    • Example: tableau:content:read allows GET calls for sites/workbooks/views; tableau:datasources:download allows datasource export.
  3. Enforce site-level restrictions
    • Extract site_id (or similar) from the JWT claims.
    • All Tableau REST API calls made by MCP must be scoped to that site_id.
  4. Provide configuration options
    • Enable/disable JWT mode via config/env variables.
    • Set Connected App client_id, allowed issuers, and public keys.
    • Optional claim-to-config mapping for site_id.

Example Workflow for a Multi-Tenant LLM App:

  • Tenant A user logs into the chatbot → backend issues a JWT with:
    {
      "sub": "userA@example.com",
      "scp": ["tableau:content:read"],
      "site_id": "site-a",
      "iss": "my-connected-app",
      "aud": "tableau",
      "exp": 1736182045
    }
  • MCP validates JWT, enforces site_id = site-a, and allows only read calls.
  • Tenant B's token would have site_id = site-b and be restricted to their site.

This would enable:

  • Strong tenant isolation by default.
  • Granular, role-like API access controlled by JWT scopes.
  • Short-lived, per-request credentials without managing long-lived PATs.

Additional context

Benefits:

  • Prevents accidental or malicious cross-tenant data access.
  • Simplifies authentication for multi-tenant apps—tokens can be generated dynamically per session.
  • Aligns with Tableau’s Connected Apps security model.
  • Eliminates PAT storage in the MCP service layer.

References:

We would be happy to help with a design proposal or prototype PR if this feature is considered.
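As an added example (not tableau-mcp's code and not from the issue author), here is a self-contained TypeScript sketch of the four steps requested above, the way a verifier on the MCP side and a token issuer on the tenant backend would fit together. It uses only Node's built-in `crypto`, generates an RS256 keypair in-process, and carries the same claims as the sample token in the post. The scope-to-action table `SCOPE_ACTIONS`, the action names, the custom `site_id` claim name, and the helpers `safeVerify`, `forgeSiteId` and `algNoneToken` are assumptions made for illustration; Tableau's actual Connected App scope semantics are defined by its documentation, not by this table.

```typescript
import * as crypto from 'node:crypto';

// Assumed mapping from Connected App scopes to the MCP actions they permit.
// The action names are illustrative; the real tool set is the project's call.
const SCOPE_ACTIONS: Record<string, readonly string[]> = {
  'tableau:content:read': ['sites:get', 'workbooks:list', 'views:list'],
  'tableau:datasources:download': ['datasources:download'],
};

export interface Claims {
  iss: string;
  aud: string;
  sub: string;
  exp: number;      // seconds since epoch
  scp: string[];    // granted scopes
  site_id: string;  // assumed custom claim naming the tenant's site
}

const b64url = (b: Buffer | string): string => Buffer.from(b).toString('base64url');
const fromB64url = (s: string): string => Buffer.from(s, 'base64url').toString('utf8');

// Issuer side: the tenant backend mints a short-lived RS256 token, so the
// MCP server only ever holds the public key.
export function signJwt(claims: Claims, privateKey: crypto.KeyObject): string {
  const h = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const p = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${h}.${p}`), privateKey);
  return `${h}.${p}.${b64url(sig)}`;
}

export interface VerifyOptions {
  publicKey: crypto.KeyObject;
  issuer: string;
  audience: string;
  now?: number; // injectable clock for tests
}

// Verifier side: every failure throws, so no caller can proceed on unverified
// claims. The algorithm is pinned by config and never read from the token,
// which closes the "alg": "none" and RSA/HMAC key-confusion cases.
export function verifyJwt(token: string, opts: VerifyOptions): Claims {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h)) as { alg?: string };
  if (header.alg !== 'RS256') throw new Error(`unsupported alg ${header.alg}`);
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('sha256', signed, opts.publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const c = JSON.parse(fromB64url(p)) as Partial<Claims>;
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('token expired');
  if (c.iss !== opts.issuer) throw new Error('wrong issuer');
  if (c.aud !== opts.audience) throw new Error('wrong audience');
  if (typeof c.sub !== 'string' || c.sub === '') throw new Error('missing sub');
  if (typeof c.site_id !== 'string' || c.site_id === '') throw new Error('missing site_id');
  if (!Array.isArray(c.scp)) throw new Error('missing scp');
  return c as Claims;
}

export interface Decision { allowed: boolean; siteId: string; reason: string }

// Policy: the token's site_id is the only site the request may touch, and the
// action must be covered by at least one granted scope.
export function authorize(claims: Claims, action: string, requestedSiteId?: string): Decision {
  const siteId = claims.site_id;
  if (requestedSiteId !== undefined && requestedSiteId !== siteId) {
    return { allowed: false, siteId, reason: `site ${requestedSiteId} not permitted by token` };
  }
  const ok = claims.scp.some((scope) => (SCOPE_ACTIONS[scope] ?? []).includes(action));
  return ok
    ? { allowed: true, siteId, reason: 'ok' }
    : { allowed: false, siteId, reason: `action ${action} not covered by ${claims.scp.join(',')}` };
}

// --- Demo material, constructed for this example ---------------------------
export const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
export const NOW = 1736182000;
export const VERIFY_OPTS: VerifyOptions = { publicKey, issuer: 'my-connected-app', audience: 'tableau', now: NOW };
export const tenantAToken = signJwt(
  { sub: 'userA@example.com', scp: ['tableau:content:read'], site_id: 'site-a',
    iss: 'my-connected-app', aud: 'tableau', exp: NOW + 45 },
  privateKey,
);

export function safeVerify(token: string): { ok: boolean; error: string } {
  try { verifyJwt(token, VERIFY_OPTS); return { ok: true, error: '' }; }
  catch (e) { return { ok: false, error: (e as Error).message }; }
}

// Attacker move 1: rewrite site_id in the payload but keep the old signature.
export function forgeSiteId(token: string, siteId: string): string {
  const [h, p, s] = token.split('.');
  return `${h}.${b64url(JSON.stringify({ ...JSON.parse(fromB64url(p)), site_id: siteId }))}.${s}`;
}

// Attacker move 2: the classic "alg": "none" token with an empty signature.
export function algNoneToken(token: string): string {
  const [, p] = token.split('.');
  return `${b64url(JSON.stringify({ alg: 'none', typ: 'JWT' }))}.${p}.`;
}
```

Calling `verifyJwt(tenantAToken, VERIFY_OPTS)` then `authorize(claims, 'workbooks:list', 'site-a')` is allowed, `authorize(claims, 'workbooks:list', 'site-b')` is refused on the site check before any scope is consulted, and `authorize(claims, 'datasources:download')` is refused because `tableau:datasources:download` is not in `scp`. Both forged tokens are rejected inside `verifyJwt`, which is the property that matters for tenant isolation: the MCP layer must never reach the site or scope decision with claims it has not authenticated, and the accepted algorithm must come from configuration rather than from the `alg` header.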

Labels: enhancement (New feature or request)