Generate JWT from admin-provided endpoint #95
Pull Request Overview
This PR adds support for JWT token generation from an admin-provided endpoint. The implementation allows server administrators to specify a `JWT_PROVIDER_URL` environment variable that the server will call to obtain JWT tokens before authenticating to the Tableau REST API.
- Introduces a new `jwt` authentication type alongside existing `pat` and `direct-trust` methods
- Adds context parameter to all tool calls to identify which tool is requesting authentication
- Creates a utility function to fetch JWT tokens from external providers with validation
Reviewed Changes
Copilot reviewed 25 out of 26 changed files in this pull request and generated 2 comments.
File | Description |
---|---|
src/utils/getJwtFromProvider.ts | New utility function to fetch and validate JWT tokens from external provider |
src/config.ts | Adds jwt auth type and JWT_PROVIDER_URL configuration with validation |
src/restApiInstance.ts | Integrates JWT provider functionality into REST API authentication flow |
src/sdks/tableau/authConfig.ts | Extends auth config types to support JWT authentication |
src/tools/*/ | Updates all tool files to include context parameter for authentication |
src/server/express.ts | Adds debug endpoint for JWT generation testing |
app.post(path, createMcpServer); | ||
app.get(path, methodNotAllowed); | ||
app.delete(path, methodNotAllowed); | ||
app.post('/jwt', generateJwt); |
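Review bot: The `/jwt` route on the last line is registered unconditionally next to the MCP `path` handlers, and nothing visible here restricts who can call `generateJwt`. Unlike `path`, it also has no `methodNotAllowed` handlers for GET and DELETE. If the route has to exist while the PR is under review, register it only behind a development-only flag, and make sure it is removed before merge so a token-issuing endpoint does not ship on the same listener as the MCP server.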
This endpoint is for demonstration purposes only. I'll remove it before merging.
These changes allow server administrators to specify a `JWT_PROVIDER_URL` environment variable such that when `AUTH` is `jwt`, before the MCP server authenticates to the Tableau REST API, it will make a POST request to the endpoint provided in `JWT_PROVIDER_URL`. This endpoint must return the JSON web token to then be used to authenticate to the REST API and can include any additional, desired user attributes.

Security is pretty basic and leverages a header on the request whose value is an encrypted secret. The secret is known only by the Tableau MCP server and the JWT provider. The secret is encrypted by the Tableau MCP server using a public key. The JWT provider can then decrypt the header with the private key and ensure the secret matches what it expects.
POST request header:
POST request body:
Expected response:
Example Express route handler:
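
The encrypted-secret header check described above can be sketched in Node.js as follows. This is an added example, not code from the PR: the header name, RSA-OAEP padding, key size and sample secret are assumptions, since the page does not show them.

```javascript
// Added example, not the PR's code. Header name, padding, key size and the
// sample secret are assumptions made for illustration.
const crypto = require('node:crypto');

const SECRET_HEADER = 'x-mcp-provider-secret'; // hypothetical header name
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// MCP server side: encrypt the shared secret with the provider's public key.
function buildSecretHeader(publicKeyPem, sharedSecret) {
  const plaintext = Buffer.from(sharedSecret, 'utf8');
  const ciphertext = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, plaintext);
  return { [SECRET_HEADER]: ciphertext.toString('base64') };
}

// JWT provider side: decrypt the header and compare it to the expected secret.
// Fails closed: missing, malformed or undecryptable values return false.
function verifySecretHeader(headers, privateKeyPem, expectedSecret) {
  const value = headers[SECRET_HEADER];
  if (typeof value !== 'string' || value.length === 0) return false;
  let plaintext;
  try {
    plaintext = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, Buffer.from(value, 'base64'));
  } catch {
    return false; // wrong key, truncated or tampered ciphertext
  }
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const digest = (buf) => crypto.createHash('sha256').update(buf).digest();
  return crypto.timingSafeEqual(digest(plaintext), digest(Buffer.from(expectedSecret, 'utf8')));
}

// Constructed sample: a throwaway key pair and secret generated for the demo.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const secret = 'constructed-demo-secret';
  const headers = buildSecretHeader(publicKey, secret);
  return {
    valid: verifySecretHeader(headers, privateKey, secret),
    wrongSecret: verifySecretHeader(headers, privateKey, 'other'),
    missing: verifySecretHeader({}, privateKey, secret),
    garbage: verifySecretHeader({ [SECRET_HEADER]: 'AAAA' }, privateKey, secret),
  };
}
```

The secret is static in this scheme, so a captured header value stays valid until the secret is rotated; the provider endpoint should only be reachable over TLS.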