Passport is a Node.js plugin that has the singular purpose of authenticating requests. That is, making sure only people who are logged in and who should be able to make certain requests are able to do so. Authentication is a basic security feature of every web application, including SPAs.
Passport is extremely flexible, allowing authentication through a number of different means, called strategies. Strategies include logging in with a simple username and password, or using OAuth to log in with Facebook or Twitter. Passport provides over 100 different strategies we should use for authentication. This chapter will focus on a local authentication strategy, while the following chapter will integrate social media strategies.
Like most plugins used with Express, Passport is middleware and so its use will be familiar to us. This is a great architecture as well, because it keeps concerns separated in our application.