Commit 5ffa7ad

Merge pull request #3033 from kryptonpust/patch-1
docs(passport.md): explains express authInfo populate procedure
2 parents 06042fe + c3266cd commit 5ffa7ad

1 file changed

+2
-0
lines changed

content/recipes/passport.md

Lines changed: 2 additions & 0 deletions
@@ -628,6 +628,8 @@ The `validate()` method deserves some discussion. For the jwt-strategy, Passport
628628

629629
As a result of all this, our response to the `validate()` callback is trivial: we simply return an object containing the `userId` and `username` properties. Recall again that Passport will build a `user` object based on the return value of our `validate()` method, and attach it as a property on the `Request` object.
630630

631+
Additionally, you can return an array, where the first value is used to create a `user` object and the second value is used to create an `authInfo` object.
632+
631633
It's also worth pointing out that this approach leaves us room ('hooks' as it were) to inject other business logic into the process. For example, we could do a database lookup in our `validate()` method to extract more information about the user, resulting in a more enriched `user` object being available in our `Request`. This is also the place we may decide to do further token validation, such as looking up the `userId` in a list of revoked tokens, enabling us to perform token revocation. The model we've implemented here in our sample code is a fast, "stateless JWT" model, where each API call is immediately authorized based on the presence of a valid JWT, and a small bit of information about the requester (its `userId` and `username`) is available in our Request pipeline.
632634

633635
Add the new `JwtStrategy` as a provider in the `AuthModule`:
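
Review bot: The sentence added at new line 631 introduces an `authInfo` object but never says where it ends up or how a handler reads it, whereas the paragraph directly above states that `user` is attached as a property on the `Request` object. The commit title promises the populate procedure, so the text should state the same for `authInfo` and show the shape of the array being returned from `validate()`. The placement also needs a second look: the new sentence now sits between the description of the return value and "It's also worth pointing out that this approach", so "this approach" at line 633 can be read as referring to the array form rather than to the `validate()` design as a whole. Moving the addition below that paragraph, or rewording the opening of line 633, would remove the ambiguity.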
