Direct Trust

When AUTH is direct-trust, the MCP server will use the provided Tableau Direct Trust Connected App info to generate a scoped JSON Web Token (JWT) and use it to authenticate to the Tableau REST APIs.

The generated JWT will have the minimum set of scopes necessary to invoke the methods called by the tool being executed.

For example, for the query-datasource tool, since it internally calls into VizQL Data Service, the JWT will only have the tableau:viz_data_service:read scope.

Required Variables

`JWT_SUB_CLAIM`

The username for the sub claim of the JWT.

`CONNECTED_APP_CLIENT_ID`

The client ID of the Tableau Connected App.

`CONNECTED_APP_SECRET_ID`

The secret ID of the Tableau Connected App.

`CONNECTED_APP_SECRET_VALUE`

The secret value of the Tableau Connected App.

Optional Variables

`JWT_ADDITIONAL_PAYLOAD`

A JSON string that includes any additional user attributes to include on the JWT.

Example:

{ "region": "West" }

Required Variables​

JWT_SUB_CLAIM​

CONNECTED_APP_CLIENT_ID​

CONNECTED_APP_SECRET_ID​

CONNECTED_APP_SECRET_VALUE​

Optional Variables​

JWT_ADDITIONAL_PAYLOAD​