Question

Mendix with Microfrontend

0

Hi, We are exploring the possibility of creating multiple Mendix applications as microfrontends and embedding these microfrontend applications within a React-based application. Can this be accomplished in Mendix while ensuring robust security, especially when the Mendix applications are being accessed from other React-based applications? If this is feasible, could you please provide an example or reference? We are particularly interested in ensuring that security is enforced both when the applications are accessed externally from React and internally within Mendix itself. Our specific requirement involves embedding the Mendix application either as an iframe or a web component in the React application. Additionally, we need to implement security mechanisms for handling requests, such as using JWT tokens or similar security protocols.

asked 2024-08-15

KK

2 answers

Scott Perkins · Answer 1 · 2024-08-15

I think this solution could be technically feasible, but I'm not sure it would be a good approach. I've seen this in the past crash pretty hard trying to piece together a cohesive UI with a bunch of iframes. My suggestion would be to expose the data from the Mendix apps via APIs, which you could protect via OAuth with JWT, and consume via your React application. If you're concerned that you'll end up with a monolithic front-end, you could still break up your UI into a microfrontend, but there are pretty large tradeoffs. Microservices and Microfrontends are a terrible way to build apps unless your bottleneck is scaling your dev team.

Tim van Steenbergen · Answer 2 · 2024-08-16

To answer your question: Yes, Mendix will have a robust security.

Also when implemented as Microfrontends. Currently I am building an app which is using Mendix at the frontend and Flowable at the backend. Most, almost all, data is stored in the backend. Communication between front- and back-end is done via api's. Users only use the Mendix-app, Flowable does data-management and, of course, the workflow-logic, which is what Flowable does best.

As for using microfrontends, this implies that you use a lot of these little apps in your company. To do so, three things are important: standardization, standardization, standardization. Starting the build of a microapp should ideally be a one-click task, resulting in an app that does have ci/cd pipeline, a UI/UX-framework, working single-sign-on, connection to the React-backend, (if your company has an api-portal publishing the company's services:) connection to the company's api-portal, (a selection of) your companies masterdata. After that one click, the one-and-only concern of the developers of a microapp, should be the functionality of that app. So no adaptation to styling, no login-screen, no building of company-generic functions, just and only the microapp-functions.

Iframe has technical challenges regarding security and browsers and is not a popular technique to use. I would advice against it.