Passport Client Certificate Strategy

Passport.js strategy for TLS client certificate authentication. Version 2.1.0 is the latest stable release (as of 2023). The package enables mutual TLS authentication directly in Node.js applications without requiring a reverse proxy. It provides a verify callback that receives the parsed client certificate object from Node's TLS socket. Key differentiators: first-class support for the standard Passport.js pattern (serialization/deserialization, req.logIn, etc.), ability to pass request object to verify callback, and TypeScript type definitions shipped. Alternative to handling client certificates manually via tls.getPeerCertificate. Release cadence is low; updates are infrequent. Works only with Node.js HTTP/HTTPS servers (not Express middleware alone). Requires a TLS-enabled server with requestCert and rejectUnauthorized options set.