I do like how passport utilizes the Strategy pattern, Passport has to be one of the most intuitive authentication libraries I have ever used and I have been through a host of them. Authentication, especially browser based authentication has been traditional one of the most painful portions of an application if you needs stray from the norm. I remember trying to do REST authentication back in the day, on Java servers when REST was just a bunch of crazy internet kids messing around. It was painful the bend the authentication away from the standard page post models of form based authentication without writing a load of custom code. With Passport you write a small strategy (if one does not exist) and you are up and running. Passport was one of the first solutions to impress me in a long time.