node package manager
Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org ยป


ROIP Token Validation node.js middleware module.

Protects endpoints with RoIP.


logger = require "roip-logger" # Optional
roipTokenValidation = require "roip-token-validation"
app.use roipTokenValidation

# RoIP token validator can also be used directly
roipTokenValidator = require("roip-token-validation")()
error = roipTokenValidator.validateToken(req.path, token)
if error
  console.log error.message


  • ROIP_TOKEN_VALIDATION_URI_ROOTS: A comma-separated list of token scopes accepted at this server. (e.g.,http://localhost:3015)
  • ROIP_TOKEN_VALIDATION_DISABLE: (default: false) - Disabled RoIP Token validation module. For testing purposes only. A warning will be output to the log for every request when module is disabled.
  • ROIP_TOKEN_VALIDATION_DEBUG_LOG_HEADER: (default: false) - If set, debug message will be output containing 'Authorization' header.
  • ROIP_NODE_CAS_REQUEST_TIMEOUT: (default: 5000) - Default timeout getting token from CAS
  • ROIP_NODE_CAS_RETRY_MAX_COUNT: (default: 10) - Maximum number of retries
  • ROIP_NODE_CAS_RETRY_MAX_WAIT_TIME_MS: (default: 100) - Maximum delay between retries. Actual delay will be chosen randomly between ROIP_NODE_CAS_RETRY_MAX_WAIT_TIME_MS / 4 and ROIP_NODE_CAS_RETRY_MAX_WAIT_TIME_MS


Roip token validation module integrates with roip-logger if present. If roip-logger module is not available, logging will be enabled using console.