I'm building a scalable application where the backend should be as stateless as possible. Thus I'd like to use client-stored JWT tokens instead of server-stored session keys for my web apps (Angular 2 / React).
However it is a little bit unclear to me how this is achieved with passport, since I could not find any documentation on this. The documentation only describes serializing and deserializing users from sessions in the middleware in the configuration. I'd really appreciate your opinion on whether this is possible with passport out-of-the-box and how you would implement it.
Session storage strategy
Instead of mapping the session to a stateful session key, which is persisted on the server side and requires some kind of storage (memcache or redis), session information should be stored in a JWT which is persisted in a cookie or localStorage.
Scenario
User registration
Authentication using any authentication strategy like local, google, facebook
Generating JWT and persisting on client
Adding the JWT to every request from the web app to the server (the JWT may need to be renewed before the end of its lease time)
Server validates the JWT on every request to provide user context. Depending on the information provided in the JWT it may or may not be necessary to resolve the user object, making it possible to save one round trip to the database.
It may also be interesting to add authentication modules for web apps (Angular / React) to provide token handling and renewal, e.g. as a networkInterface component for Angular 2 or React.
AJAX based login page
Building a web application login is typically AJAX based. However several strategies like Google and Facebook do require redirects. Is there any best practice for implementing this for a web app? In this situation I often see popups asking for authorization and then the main page redirects to the app.