Relay Core Connector Textfile Bundle Laravel Package

Product Decisions This Supports

• Build vs. Buy: Accelerates development of internal API gateways by avoiding custom authorization logic from scratch, reducing dev effort by ~30-50% for text-file-based auth use cases.
• Roadmap Alignment: Enables rapid prototyping of low-complexity access control systems (e.g., internal tools, sandbox environments, or legacy system integrations) without coupling to databases.
• Feature Expansion: Supports modular auth extensions (e.g., hybrid auth systems) by providing a reusable AuthorizationDataProviderInterface template for future connectors (e.g., LDAP, OAuth).
• Use Cases:
  • Internal APIs with static role/permission mappings (e.g., admin dashboards, CI/CD pipelines).
  • Legacy system bridges where auth data is stored in flat files (e.g., CSV/JSON configs).
  • Sandbox/testing environments where dynamic DB auth is overkill.

When to Consider This Package

• Adopt if:

  • Your auth data is static or infrequently updated (e.g., config-driven roles/permissions).
  • You’re using Symfony + Relay API Gateway and need a lightweight AuthorizationDataProvider.
  • You prioritize simplicity over scalability (e.g., internal tools, prototypes).
  • Your team lacks resources to build a custom solution but needs basic RBAC (Role-Based Access Control).

• Look elsewhere if:

  • Auth data requires real-time updates (use a DB-backed provider like dbp/relay-core-connector-doctrine).
  • You need scalable user management (e.g., OAuth, SSO) → evaluate lexik/jwt-authentication-bundle or symfony/security.
  • Your stack isn’t Symfony/Relay-based (this bundle is tightly coupled to Relay’s AuthorizationDataProviderInterface).
  • Compliance requires audit logs or dynamic revocation (flat files lack these features).

How to Pitch It (Stakeholders)

For Executives: "This package lets us ship internal API auth in weeks instead of months by leveraging a pre-built, config-driven solution for static permissions. Ideal for [InternalToolName] or [LegacySystem] integrations, it cuts dev time by reusing Relay’s gateway framework while avoiding custom auth logic. Low risk—minimal dependencies, AGPL-compatible for our stack."

For Engineering: *"The dbp/relay-core-connector-textfile-bundle provides a drop-in AuthorizationDataProvider for Relay, reading roles/permissions from YAML/JSON files. Perfect for:

• Prototyping auth flows without DB overhead.
• Internal APIs where permissions are static (e.g., config/packages/permissions.yaml).
• Extending Relay later with other connectors (e.g., swap text files for DB calls). Tradeoff: No real-time updates, but zero maintenance for static data. Install via Composer in <5 mins."*

For Security/Compliance: *"This bundle centralizes auth rules in config files, making them version-controlled and auditable via Git. However, note:

• No dynamic revocation: Permissions updates require config deploys.
• AGPL license: Ensure compliance if using open-source Relay core. Recommendation: Pair with a separate audit log (e.g., Symfony Monolog) for critical systems."*