PHPackages iamxml/fusio-adapter-gcp-zero-trust - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. iamxml/fusio-adapter-gcp-zero-trust ActiveLibrary[HTTP & Networking](/categories/http) iamxml/fusio-adapter-gcp-zero-trust =================================== Fusio adapter providing Cloud Run zero-trust HTTP connection with ID token auth v0.2.3(1mo ago)00Apache-2.0PHPPHP >=8.1 Since Mar 14Pushed 1mo agoCompare [ Source](https://github.com/xml/fusio-adapter-gcp-zero-trust)[ Packagist](https://packagist.org/packages/iamxml/fusio-adapter-gcp-zero-trust)[ Docs](https://github.com/xml/fusio-adapter-gcp-zero-trust)[ RSS](/packages/iamxml-fusio-adapter-gcp-zero-trust/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (5)Versions (2)Used By (0) fusio/adapter-gcp-zero-trust ============================ [](#fusioadapter-gcp-zero-trust) Fusio adapter for calling Cloud Run services with automatic Google-signed ID token injection. Provides a **Connection** type and a matching **Action** type that work together: - **Connection** (`Google Cloud Run Zero Trust HTTP`) — returns a Guzzle HTTP client with ID token middleware - **Action** (`Google Cloud Run HTTP`) — proxies Fusio requests through that connection to a downstream Cloud Run service Install ------- [](#install) ``` composer require fusio/adapter-gcp-zero-trust php bin/fusio system:register "Fusio\Adapter\GcpZeroTrust\Adapter" ``` Setup ----- [](#setup) ### Step 1: Create a Connection [](#step-1-create-a-connection) **Backend > API > Connections > Create** Select type: **Google Cloud Run Zero Trust HTTP** FieldDescription**Base URL**Target service URL, e.g. `https://my-service-abc123.run.app`**Audience**Cloud Run audience for the ID token. Usually the same as the base URL. Must be the `.run.app` URL (custom domains are not supported as audience).**Header Mode**`Authorization` or `X-Serverless-Authorization` (see below)**Timeout**HTTP timeout in seconds (default: 30)**Enable Logging**Log outbound requests with method, path, status code, and duration. Never logs tokens or bodies.### Step 2: Create an Action [](#step-2-create-an-action) **Backend > API > Actions > Create** Select type: **Google Cloud Run HTTP** FieldDescription**Connection**Select the connection created in Step 1 (dropdown of all configured connections)**Method**`AUTO` (forwards the inbound HTTP method), or a fixed method: `GET`, `POST`, `PUT`, `PATCH`, `DELETE`**Path**Relative path on the target service, e.g. `/api/v1/users`. Supports `{{param}}` placeholders resolved from URI fragments.**Forward Headers**Comma-separated list of inbound headers to forward, e.g. `X-Request-Id, Accept-Language`### Step 3: Bind the Action to an Operation [](#step-3-bind-the-action-to-an-operation) **Backend > API > Operations** Point a route to the action. The action will: 1. Load the configured connection (which returns a Guzzle client with ID token middleware) 2. Forward the HTTP method, path, query parameters, and request body to the downstream service 3. Return the downstream response (status code, headers, and body) back through Fusio Header modes ------------ [](#header-modes) - **Authorization** — Sets `Authorization: Bearer `. Use when the target service has no app-level auth. - **X-Serverless-Authorization** — Sets `X-Serverless-Authorization: Bearer `, leaving `Authorization` free for app-level auth (e.g. Fusio Bearer tokens). Cloud Run validates this header for IAM, strips it before forwarding to the container, and passes `Authorization` through untouched. [Cloud Run docs](https://cloud.google.com/run/docs/authenticating/service-to-service). How authentication works ------------------------ [](#how-authentication-works) The adapter uses [Google Application Default Credentials](https://cloud.google.com/docs/authentication/application-default-credentials) to fetch ID tokens: - **On Cloud Run**: Uses the metadata server automatically. The calling service's service account must have `roles/run.invoker` on the target service. - **Locally**: Uses credentials from `gcloud auth application-default login`. Tokens are cached in-process for ~55 minutes (tokens are valid for 1 hour) using `google/auth`'s `FetchAuthTokenCache` with `MemoryCacheItemPool`. Example: Dockerfile for a custom Fusio image -------------------------------------------- [](#example-dockerfile-for-a-custom-fusio-image) ``` FROM fusio/fusio:5.2.5 WORKDIR /var/www/html/fusio RUN composer require fusio/adapter-gcp-zero-trust:^0.2 \ --no-interaction --no-progress RUN php bin/fusio system:register \ "Fusio\\Adapter\\GcpZeroTrust\\Adapter" ``` Requirements ------------ [](#requirements) - PHP >= 8.1 - Fusio Engine ^6.0 (ships with `fusio/fusio` v5.2+) - `google/auth` ^1.50 - `guzzlehttp/guzzle` ^7.0 Development ----------- [](#development) ``` make install # Install dependencies make test # Run tests (PHPUnit) make lint # Static analysis (phpstan level 6) ``` License ------- [](#license) Apache-2.0 ### Health Score 33 — LowBetter than 75% of packages Maintenance88 Actively maintained with recent releases Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity32 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 59d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f81825590c4d9b81a8b580ba9bc92dfb98dd1411f77dbbadb611341bef8e7290?d=identicon)[xml](/maintainers/xml) --- Top Contributors [![xml](https://avatars.githubusercontent.com/u/1126175?v=4)](https://github.com/xml "xml (9 commits)") --- Tags Guzzlegcpfusio-adaptercloud runZero Trustfusio ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/iamxml-fusio-adapter-gcp-zero-trust/health.svg) ``` [![Health](https://phpackages.com/badges/iamxml-fusio-adapter-gcp-zero-trust/health.svg)](https://phpackages.com/packages/iamxml-fusio-adapter-gcp-zero-trust) ``` ### Alternatives [kevinrob/guzzle-cache-middleware A HTTP/1.1 Cache for Guzzle 6. It's a simple Middleware to be added in the HandlerStack. (RFC 7234) 43117.4M104](/packages/kevinrob-guzzle-cache-middleware)[eightpoints/guzzle-bundle Integrates Guzzle 6.x, a PHP HTTP Client, into Symfony. Comes with easy and powerful configuration options and optional plugins. 45912.1M55](/packages/eightpoints-guzzle-bundle)[guzzlehttp/oauth-subscriber Guzzle OAuth 1.0 subscriber 24114.5M141](/packages/guzzlehttp-oauth-subscriber)[caseyamcl/guzzle_retry_middleware Guzzle v6+ retry middleware that handles 429/503 status codes and connection timeouts 21610.7M64](/packages/caseyamcl-guzzle-retry-middleware)[php-http/guzzle7-adapter Guzzle 7 HTTP Adapter 9057.1M555](/packages/php-http-guzzle7-adapter)[graham-campbell/guzzle-factory Provides A Simple Guzzle Factory With Good Defaults 916.4M49](/packages/graham-campbell-guzzle-factory) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)