SaaS Solution Platform — Blazor microfrontend backlog plan
Introduction
This document covers Epic EPIC-SAAS-SHELL (ConnectSoft.Blazor.Shell.Saas) and Epic EPIC-SAAS-MFE (Blazor MFE templates per bounded context). Backend template work is in Backlog plan.
Epic rollup: Epics and program backlog.
Reference patterns: ConnectSoft Documentation — Docs/starters/blazor-templates-hld.md (Application Shell, MFE, Web Components); Identity / Authorization Server MFE template repos.
ID naming: Extends factory IDs (SAAS-SHELL-*, SAAS-MFE-*) from Docs/starters/saas-extensions-and-templates-epics.md with new features/tasks below.
ID matrix (frontend extensions)
| ID | Type | Title |
|---|---|---|
| SAAS-SHELL-F02 | Feature | OIDC and session integration |
| SAAS-SHELL-F03 | Feature | BFF or YARP proxy to gateway |
| SAAS-SHELL-F04 | Feature | Observability and correlation |
| SAAS-SHELL-F05 | Feature | Sample deployment and smoke test |
| SAAS-SHELL-T02–T08 | Task | Shell implementation tasks |
| SAAS-MFE-F02–F06 | Feature | One MFE template feature per bounded context |
| SAAS-MFE-T02–T12 | Task | MFE scaffold and test tasks |
Epic: EPIC-SAAS-SHELL — ConnectSoft.Blazor.Shell.Saas
Outcome: Single Blazor Web App host: navigation, MFE registry, tenant/edition policy, OIDC, BFF alignment with Authorization Server and API Gateway.
Feature SAAS-SHELL-F01 — Shell responsibilities and MFE contract
Description: Shell hosts Web Component MFEs; manifest defines capabilities, routes, and required claims; parity with Blazor Templates HLD Application Shell.
Acceptance criteria:
- Manifest schema documented (JSON): name, version, routePrefix, requiredScopes, cdnUrl or assembly load.
- ConnectSoft.Blazor.Shell.Saas naming used consistently in docs and backlog.
- CSP and SRI expectations referenced from HLD.
Tasks:
| ID | Title | Description | Dependencies |
|---|---|---|---|
| SAAS-SHELL-T01 | Shell vs generic Blazor Shell Template diff | Document SaaS-specific: tenant resolver, edition route table, SaaS nav slots. | — |
Feature SAAS-SHELL-F02 — OIDC and session integration
Description: Sign-in/sign-out, silent renew, scopes for calling ServiceModel APIs via gateway; no secrets in WASM beyond public client config.
Acceptance criteria:
- Authorization Server metadata and client IDs configurable per environment.
- Access token forwarded to BFF/gateway per request; refresh flows documented.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-SHELL-T02 | OIDC client configuration | Scopes for catalog, tenants, billing APIs. |
| SAAS-SHELL-T03 | Session and redirect URIs | Localhost vs staging vs prod redirect matrix. |
Feature SAAS-SHELL-F03 — BFF or YARP proxy to gateway
Description: Centralize API calls through BFF or YARP so MFEs do not embed gateway URLs; tenant and correlation headers injected server-side.
Acceptance criteria:
- Single base path for API from browser (e.g. /api/...).
- Header propagation from claims to upstream ServiceModel calls.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-SHELL-T04 | YARP route table | Routes per bounded context ServiceModel. |
| SAAS-SHELL-T05 | Anti-CSRF and cookie policy | Same-site, secure cookies for BFF session. |
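
An added sketch of the server-side header injection this feature describes, using YARP request transforms. It is not ConnectSoft code: the header name X-Tenant-Id, the claim type tenant_id and the ReverseProxy configuration section are assumptions, and it presumes the Yarp.ReverseProxy package with implicit usings enabled.

```csharp
// Program.cs for a BFF host (illustrative; names marked "assumed" are not from the backlog).
using Microsoft.AspNetCore.Authentication.Cookies;
using Yarp.ReverseProxy.Transforms;

const string TenantHeader = "X-Tenant-Id"; // assumed upstream header name
const string TenantClaim = "tenant_id";    // assumed claim type carrying the resolved tenant

var builder = WebApplication.CreateBuilder(args);

// BFF session is a cookie; the browser never sees gateway URLs or upstream headers.
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
builder.Services.AddAuthorization();

builder.Services.AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy")) // assumed section name
    .AddTransforms(ctx =>
    {
        ctx.AddRequestTransform(transform =>
        {
            // Request headers are already copied to the proxy request at this point.
            // Drop any tenant header the browser supplied so it cannot override the claim.
            transform.ProxyRequest.Headers.Remove(TenantHeader);

            var tenant = transform.HttpContext.User.FindFirst(TenantClaim)?.Value;
            if (string.IsNullOrEmpty(tenant))
            {
                // Fail closed: a non-200 status set in a request transform
                // stops YARP from forwarding the request upstream.
                transform.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
                return ValueTask.CompletedTask;
            }

            // Tenant id comes only from the authenticated session's claims.
            transform.ProxyRequest.Headers.TryAddWithoutValidation(TenantHeader, tenant);
            return ValueTask.CompletedTask;
        });
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Every proxied route requires an authenticated BFF session.
app.MapReverseProxy().RequireAuthorization();
app.Run();
```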
Feature SAAS-SHELL-F04 — Observability and correlation
Description: OpenTelemetry traces from shell and MFE loads; trace and tenant id on every API call.
Acceptance criteria:
- W3C traceparent propagated to gateway.
- Tenant id on span attributes when resolved.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-SHELL-T06 | OTel setup for shell | ASP.NET Core + WASM resource attributes. |
Feature SAAS-SHELL-F05 — Sample deployment and smoke test
Description: Docker or Azure sample that runs shell + one MFE + gateway in dev; Playwright smoke: login, load MFE, one API call.
Acceptance criteria:
- docker-compose or README one-command up for local demo.
- CI optional: smoke test in pipeline template design.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-SHELL-T07 | Sample compose / README | Execution phase; design documented here. |
| SAAS-SHELL-T08 | Playwright scenario | Happy path: OIDC mock or test IdP. |
Epic: EPIC-SAAS-MFE — Blazor MFE template repositories (SaaS contexts)
Outcome: One MFE template family per bounded context (admin/self-service can be two features per context if needed); only ServiceModel clients; WASM or Server per pattern (documented per template).
Feature SAAS-MFE-F01 — MFE template pattern per context
Description: Shared RCL or template pack conventions: Web Components export, bUnit tests, manifest entry for shell.
Acceptance criteria:
- Naming convention: ConnectSoft.Blazor.Mfe.Saas.<Context> (or approved pattern) documented.
- Identity MFE repo cited as golden reference.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-MFE-T01 | WASM vs Server per MFE | Decision matrix per context; default WASM for heavy isolation. |
Feature SAAS-MFE-F02 — MFE template — Tenants
Description: Admin UI for tenant lifecycle; ServiceModel clients to Tenants API only.
Acceptance criteria:
- Routes under /admin/tenants (or agreed prefix); authorize policy TenantsAdmin.
- No direct SQL; HTTP only via typed clients.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-MFE-T02 | Tenants MFE scaffold | Pages: list, detail, create; stub data. |
| SAAS-MFE-T03 | Tenants MFE tests | bUnit smoke + authorization tests. |
Feature SAAS-MFE-F03 — MFE template — Product catalog
Description: Products, editions, features admin; ServiceModel from ProductsCatalog.
Acceptance criteria:
- Edition and feature toggles aligned with catalog ServiceModel.
- Validation messages for duplicate keys.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-MFE-T04 | Catalog MFE pages | Product list, edition editor, feature matrix. |
| SAAS-MFE-T05 | Catalog MFE tests | bUnit + Playwright critical path. |
Feature SAAS-MFE-F04 — MFE template — Entitlements
Description: Assign entitlements to tenants; consumes Entitlements + read-only catalog IDs.
Acceptance criteria:
- Assignment flows use IDs from catalog APIs (search/select).
- Authorization policy for entitlement admins.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-MFE-T06 | Entitlements MFE pages | Assignment grid, effective dates. |
Feature SAAS-MFE-F05 — MFE template — Billing
Description: Subscription and invoice views; ServiceModel to Billing; no PAN/card data in UI if out of scope.
Acceptance criteria:
- PCI boundaries documented (redirect to PSP if applicable).
- Read-only vs mutating actions separated by policy.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-MFE-T07 | Billing MFE pages | Subscription list, invoice list. |
Feature SAAS-MFE-F06 — MFE template — Metering
Description: Usage ingestion status, quota display; admin dashboards for metering health.
Acceptance criteria:
- Idempotent upload UX for batch usage (if applicable).
- Charts use aggregated API only (no raw DB).
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-MFE-T08 | Metering MFE pages | Usage explorer, quota alerts. |
Non-functional (all MFE features)
- Security: OIDC only; no long-lived API keys in browser for privileged operations.
- Accessibility: Target WCAG 2.1 AA for primary flows (per component library standards).
- Observability: OTel browser exporter optional; correlation with shell.
Tasks:
| ID | Title | Description |
|---|---|---|
| SAAS-MFE-T09 | MFE security review checklist | CSP, dependency audit, SBOM placeholder. |
| SAAS-MFE-T10 | Cross-MFE integration test | Shell loads two MFEs in one session. |
Dependencies
- Authorization Server — Token issuance and scopes.
- API Gateway — Routes to ServiceModel backends.
- EPIC-SAAS-SVC-SURFACE — Stable ServiceModel packages for client generation.