Skip to main content

Enabling OAuth

warning

Tableau Server 2025.3+ only. Full Tableau Cloud is not supported yet but is coming soon ETA Q2 2026. Until then, enabling OAuth support against a Tableau Cloud site will only work when the MCP server is accessed using a local development URL e.g. http://127.0.0.1:3927/tableau-mcp.

When a URL for OAUTH_ISSUER is provided, the MCP server will act as an OAuth 2.1 resource server, capable of accepting and responding to protected resource requests using encrypted access tokens. When enabled, MCP clients will first require logging in via Tableau OAuth to connect to the MCP server. For more information, please see the MCP Authorization spec.

Environment Variables

When OAuth is enabled, the following environment variables also apply or have additional meaning:

AUTH

The method the MCP server uses to authenticate to the Tableau REST APIs.

  • Defaults to oauth when OAuth is enabled.
  • Can still be set to other authentication methods. See Authentication for options.
  • When set to a value other than oauth, the MCP server will still be protected from unauthorized access by OAuth but will not use the Tableau session initiated by the Tableau OAuth flow to authenticate to the Tableau REST APIs. For example, if AUTH is set to pat, the MCP server will use the values of PAT_NAME and PAT_VALUE to authenticate to the Tableau REST APIs.

OAUTH_ISSUER

The issuer of the OAuth server. This should be the host of the MCP server.

  • Required if AUTH is oauth. For testing, use http://127.0.0.1:3927.
  • Required if TRANSPORT is http unless opted out with DANGEROUSLY_DISABLE_OAUTH.

TRANSPORT

The MCP transport type to use for the server.

  • Defaults to http when OAuth is enabled.
  • Must be http when OAuth is enabled.

SERVER

  • When AUTH is oauth, leave this empty to support any Tableau Cloud pod determined by the site the user signed into when connecting to the MCP server.

SITE_NAME

The target Tableau site for OAuth.

  • When AUTH is oauth, leaving this empty means any site will be supported, determined by the site the user signed into when connecting to the MCP server.

OAUTH_REDIRECT_URI

The redirect URI for the OAuth flow.

  • Default: ${OAUTH_ISSUER}/Callback
  • Recommended to not define a value at all and just rely on its default value.
  • Path must be /Callback (case-sensitive).
info

Tableau Server administrators must also use tsm to set oauth.allowed_redirect_uri_hosts to the host of the MCP server.

The value should be the same as OAUTH_ISSUER but without the protocol or any trailing slash.

tsm configuration set -k oauth.allowed_redirect_uri_hosts -v tableau-mcp.example.com
tsm pending-changes apply

OAUTH_CLIENT_ID_SECRET_PAIRS

A comma-separated list of client ID and secret pairs to be used for OAuth clients that require the use of the client credentials grant type.

  • Optional.
  • Example: client1:secret1,client2:secret2
  • Client IDs and secrets must be unique and cannot contain colons or commas.
  • The /oauth/token endpoint accepts client credentials in the request body or the authorization header. If both are provided, the request body takes precedence.
  • When an access token is requested with the client credentials grant type:
    • No refresh token is issued to the client.
    • AUTH must not be set to oauth since there is no Tableau user associated with the access token. The user context must come from the user who owns the Personal Access Token or from the value of the JWT_SUB_CLAIM environment variable.

Example /oauth/token request body:

{
  "grant_type": "client_credentials",
  "client_id": "clientId",
  "client_secret": "secret"
}

Example /oauth/token request header:

Authorization: Basic Y2xpZW50SWQ6c2VjcmV0

Where Y2xpZW50SWQ6c2VjcmV0 is the base64 encoding of clientId:secret.

OAUTH_JWE_PRIVATE_KEY

The RSA private key used to decrypt the OAuth access token.

  • It or OAUTH_JWE_PRIVATE_KEY_PATH must be provided, but not both.

  • Only PEM format is supported.

  • Examples:

    -----BEGIN RSA PRIVATE KEY-----\nMIIE...HZ3Q==\n-----END RSA PRIVATE KEY-----

    or

    -----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIJ...te1w==\n-----END ENCRYPTED PRIVATE KEY-----
info

The access token issued by the MCP server is encrypted using JWE (JSON Web Encryption) using an RSA public key. This public key is derived from the provided RSA private key.

MCP clients provide this encrypted access token to the MCP server on the Authorization header of its requests. The MCP server decrypts the access token using the provided private key and uses the Tableau access token held within to authenticate subsequent requests to Tableau APIs. Any requests to the MCP server that do not have a valid access token will be rejected.

If you need a private key, you can generate one using openssl-genrsa e.g.

openssl genrsa -out private.pem

OAUTH_JWE_PRIVATE_KEY_PATH

The absolute path to the RSA private key (.pem) file used to decrypt the OAuth access token.

  • It or OAUTH_JWE_PRIVATE_KEY must be provided, but not both.
  • Only PEM format is supported.

OAUTH_JWE_PRIVATE_KEY_PASSPHRASE

The passphrase for the private key if it is encrypted.

OAUTH_AUTHORIZATION_CODE_TIMEOUT_MS

The timeout for the OAuth authorization codes.

  • Default: 10 seconds.
  • Max: 1 hour.

OAUTH_ACCESS_TOKEN_TIMEOUT_MS

The timeout for the OAuth access tokens.

  • Default: 1 hour.
  • Max: 30 days.

OAUTH_REFRESH_TOKEN_TIMEOUT_MS

warning

OAuth support is currently in beta, and the present implementation retains refresh tokens in memory. Consequently, a server administrator's action of stopping and restarting the server, potentially during an upgrade, will result in the loss of all refresh tokens.

Any access tokens actively utilized by MCP clients will remain functional until their expiration, but subsequent attempts to refresh these tokens will fail, requiring the user to sign out and then sign back in.

This issue also pertains to authorization codes, though its impact is less likely due to their significantly shorter expiration window. This limitation will be addressed in a later release.

The timeout for the OAuth refresh tokens.

  • Default: 30 days.
  • Max: 1 year.

DANGEROUSLY_DISABLE_OAUTH

warning

When TRANSPORT is http, the default behavior changes to require protecting your MCP server with OAuth as a security best practice.

To opt out of this behavior at your own risk, set DANGEROUSLY_DISABLE_OAUTH to true.

This is not recommended as your MCP server will not be protected from unauthorized access. By explicitly disabling OAuth, you accept any and all risks associated with this decision.

  • Default: false

Sequence Diagram

Key Components

Grant Types

The MCP server supports three OAuth 2.1 grant types:

  1. Authorization Code Grant (with PKCE): Interactive flow requiring user authentication

    • User must authenticate with Tableau Server
    • Supports refresh tokens for long-term access
    • Uses PKCE for security
    • Suitable for interactive applications

  2. Client Credentials Grant: Non-interactive flow for service-to-service authentication

    • No user authentication required
    • No refresh tokens issued
    • Uses pre-configured client ID/secret pairs
    • Suitable for automated systems and APIs

  3. Refresh Token Grant: Used to obtain new access tokens

    • Only available for authorization code grants
    • Automatically refreshes Tableau tokens when possible
    • Falls back to existing tokens if refresh fails

Security Features

  • PKCE (RFC 7636): Code challenge/verifier for public clients (authorization code only)
  • JWE Encryption: Access tokens encrypted with RSA-OAEP-256/A256GCM
  • State Validation: Prevents CSRF attacks (authorization code only)
  • Time-limited Tokens: Authorization codes (10 seconds), access tokens (1 hour), refresh tokens (30 days)
  • Client Credential Verification: Secure comparison using timing-safe operations

Token Types

  1. Tableau OAuth Tokens: Direct from Tableau Server (authorization code only)
  2. MCP Authorization Code: Short-lived code for token exchange (authorization code only)
  3. MCP Access Token: JWE-encrypted token containing Tableau credentials or client info
  4. MCP Refresh Token: For obtaining new access tokens (authorization code only)

Endpoints

  • /.well-known/oauth-protected-resource: Resource metadata discovery
  • /.well-known/oauth-authorization-server: Authorization server metadata
  • /oauth/register: Dynamic client registration
  • /oauth/authorize: Authorization endpoint with PKCE (authorization code only)
  • /Callback: OAuth callback handler (authorization code only)
  • /oauth/token: Token exchange and refresh (all grant types)