Hey Chris -
FYI, it is not a good idea to secure data in Tableau by passing something in at runtime: There are too many ways a technique like that can "go wrong" and either reveal project ids themselves, and/or allow someone to get in the middle and plug different IDs to see stuff they shouldn't. High level guidance - don't do this.
Instead, investigate Tableau's built-in Row Level Security. Your user will actually authenticate against Tableau Server using one of our SSO mechanisms, and then everything from there is "automagic".
Hope this helps.