My organization is considering developing a Tableau extension in order to provide write-back functionality so that users of Tableau Server can do things like define custom user groups and customize their dashboard. We have a working sample extension using Node.js which writes back to our database, however we would like to inquire about authentication/authorization since we would like our Node.js API to ensure the requests coming in are from an authenticated and authorized user (so that malicious users cannot impersonate other users and tweak others' dashboard settings). Authenticated meaning we are certain the user is who they say they are, and authorized meaning the user is permitted to perform a certain action as defined by the logic in our Tableau extension's Node.js API. We have an Active Directory server in our organization, organization-wide G Suite, and various other databases which hold bits of user information so we may need to connect to multiple services/databases. I've searched online and have been unable to find information regarding authentication/authorization inside a Tableau extension.
My questions are as follows:
- Since the user is already logged in to Tableau Server, can we share the Tableau Server session with the Tableau extension Node.js server so that the user doesn't have to log in a second time on our extension's webpage? It would seemingly be easy to integrate with Active Directory and Google OAuth separately, requiring the user to log in to our extension, but if the user is already logged in to Tableau Server, it would be nice to not require logging in a second time.
- Can we authenticate/integrate with Active Directory? With Google? Is it Single Sign-On (SSO)?
- Is there a way in the extension client code and the Node.js extension server code to get the information for the user who is currently logged in to Tableau Server (e.g. username/email address)? Is there a Tableau extension API method we can call to get this information?
- Is there any concrete code example/tutorial demonstrating authentication/authorization?
- How would one test the extension and the authentication/authorization offline in Tableau Desktop after adding authentication and authorization?
- Another question I have is whether Tableau Server has the ability to host the Node.js server itself, or if it needs to be hosted on a separate server (such as an Azure VM, or anything really). I do not have access to the administration side of Tableau Server in my organization so I have not been able to check.