PHPackages iamxml/fusio-adapter-gcp-zero-trust - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. iamxml/fusio-adapter-gcp-zero-trust ActiveLibrary[HTTP & Networking](/categories/http) iamxml/fusio-adapter-gcp-zero-trust =================================== Fusio adapter providing Cloud Run zero-trust HTTP connection with ID token auth v0.2.3(3mo ago)00Apache-2.0PHPPHP >=8.1 Since Mar 12Pushed 3mo agoCompare [ Source](https://github.com/xml/fusio-adapter-gcp-zero-trust)[ Packagist](https://packagist.org/packages/iamxml/fusio-adapter-gcp-zero-trust)[ Docs](https://github.com/xml/fusio-adapter-gcp-zero-trust)[ RSS](/packages/iamxml-fusio-adapter-gcp-zero-trust/feed)WikiDiscussions main Synced 3w ago READMEChangelogDependencies (5)Versions (8)Used By (0) fusio/adapter-gcp-zero-trust ============================ [](#fusioadapter-gcp-zero-trust) Fusio adapter for calling Cloud Run services with automatic Google-signed ID token injection. Provides a **Connection** type and a matching **Action** type that work together: - **Connection** (`Google Cloud Run Zero Trust HTTP`) — returns a Guzzle HTTP client with ID token middleware - **Action** (`Google Cloud Run HTTP`) — proxies Fusio requests through that connection to a downstream Cloud Run service Install ------- [](#install) ``` composer require fusio/adapter-gcp-zero-trust php bin/fusio system:register "Fusio\Adapter\GcpZeroTrust\Adapter" ``` Setup ----- [](#setup) ### Step 1: Create a Connection [](#step-1-create-a-connection) **Backend > API > Connections > Create** Select type: **Google Cloud Run Zero Trust HTTP** FieldDescription**Base URL**Target service URL, e.g. `https://my-service-abc123.run.app`**Audience**Cloud Run audience for the ID token. Usually the same as the base URL. Must be the `.run.app` URL (custom domains are not supported as audience).**Header Mode**`Authorization` or `X-Serverless-Authorization` (see below)**Timeout**HTTP timeout in seconds (default: 30)**Enable Logging**Log outbound requests with method, path, status code, and duration. Never logs tokens or bodies.### Step 2: Create an Action [](#step-2-create-an-action) **Backend > API > Actions > Create** Select type: **Google Cloud Run HTTP** FieldDescription**Connection**Select the connection created in Step 1 (dropdown of all configured connections)**Method**`AUTO` (forwards the inbound HTTP method), or a fixed method: `GET`, `POST`, `PUT`, `PATCH`, `DELETE`**Path**Relative path on the target service, e.g. `/api/v1/users`. Supports `{{param}}` placeholders resolved from URI fragments.**Forward Headers**Comma-separated list of inbound headers to forward, e.g. `X-Request-Id, Accept-Language`### Step 3: Bind the Action to an Operation [](#step-3-bind-the-action-to-an-operation) **Backend > API > Operations** Point a route to the action. The action will: 1. Load the configured connection (which returns a Guzzle client with ID token middleware) 2. Forward the HTTP method, path, query parameters, and request body to the downstream service 3. Return the downstream response (status code, headers, and body) back through Fusio Header modes ------------ [](#header-modes) - **Authorization** — Sets `Authorization: Bearer `. Use when the target service has no app-level auth. - **X-Serverless-Authorization** — Sets `X-Serverless-Authorization: Bearer `, leaving `Authorization` free for app-level auth (e.g. Fusio Bearer tokens). Cloud Run validates this header for IAM, strips it before forwarding to the container, and passes `Authorization` through untouched. [Cloud Run docs](https://cloud.google.com/run/docs/authenticating/service-to-service). How authentication works ------------------------ [](#how-authentication-works) The adapter uses [Google Application Default Credentials](https://cloud.google.com/docs/authentication/application-default-credentials) to fetch ID tokens: - **On Cloud Run**: Uses the metadata server automatically. The calling service's service account must have `roles/run.invoker` on the target service. - **Locally**: Uses credentials from `gcloud auth application-default login`. Tokens are cached in-process for ~55 minutes (tokens are valid for 1 hour) using `google/auth`'s `FetchAuthTokenCache` with `MemoryCacheItemPool`. Example: Dockerfile for a custom Fusio image -------------------------------------------- [](#example-dockerfile-for-a-custom-fusio-image) ``` FROM fusio/fusio:5.2.5 WORKDIR /var/www/html/fusio RUN composer require fusio/adapter-gcp-zero-trust:^0.2 \ --no-interaction --no-progress RUN php bin/fusio system:register \ "Fusio\\Adapter\\GcpZeroTrust\\Adapter" ``` Requirements ------------ [](#requirements) - PHP >= 8.1 - Fusio Engine ^6.0 (ships with `fusio/fusio` v5.2+) - `google/auth` ^1.50 - `guzzlehttp/guzzle` ^7.0 Development ----------- [](#development) ``` make install # Install dependencies make test # Run tests (PHPUnit) make lint # Static analysis (phpstan level 6) ``` License ------- [](#license) Apache-2.0 ### Health Score 32 — LowBetter than 69% of packages Maintenance80 Actively maintained with recent releases Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity38 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 7 Last Release 105d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f81825590c4d9b81a8b580ba9bc92dfb98dd1411f77dbbadb611341bef8e7290?d=identicon)[xml](/maintainers/xml) --- Top Contributors [![xml](https://avatars.githubusercontent.com/u/1126175?v=4)](https://github.com/xml "xml (9 commits)") --- Tags Guzzlegcpfusio-adaptercloud runZero Trustfusio ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/iamxml-fusio-adapter-gcp-zero-trust/health.svg) ``` [![Health](https://phpackages.com/badges/iamxml-fusio-adapter-gcp-zero-trust/health.svg)](https://phpackages.com/packages/iamxml-fusio-adapter-gcp-zero-trust) ``` ### Alternatives [guzzlehttp/oauth-subscriber Guzzle OAuth 1.0 subscriber 24015.1M149](/packages/guzzlehttp-oauth-subscriber)[graham-campbell/guzzle-factory Provides A Simple Guzzle Factory With Good Defaults 926.8M53](/packages/graham-campbell-guzzle-factory)[bilfeldt/laravel-http-client-logger A logger for the Laravel HTTP Client 1531.7M3](/packages/bilfeldt-laravel-http-client-logger)[imdhemy/google-play-billing Google Play Billing 491.4M5](/packages/imdhemy-google-play-billing)[eljam/guzzle-jwt-middleware A jwt authentication middleware for guzzle 6 28750.0k3](/packages/eljam-guzzle-jwt-middleware)[eslazarev/wildberries-sdk Wildberries OpenAPI clients (generated). 252.5k](/packages/eslazarev-wildberries-sdk) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)