what is passport.initialize()? (nodejs express)
Sometimes it's better to look into the code: passport github on initialize()
TL;DR
With sessions, initialize() setups the functions to serialize/deserialize the user data from the request.
You are not required to use passport.initialize() if you are not using sessions.
/**
* Passport initialization.
*
* Intializes Passport for incoming requests, allowing authentication strategies
* to be applied.
*
* If sessions are being utilized, applications must set up Passport with
* functions to serialize a user into and out of a session. For example, a
* common pattern is to serialize just the user ID into the session (due to the
* fact that it is desirable to store the minimum amount of data in a session).
* When a subsequent request arrives for the session, the full User object can
* be loaded from the database by ID.
*
* Note that additional middleware is required to persist login state, so we
* must use the `connect.session()` middleware _before_ `passport.initialize()`.
*
* If sessions are being used, this middleware must be in use by the
* Connect/Express application for Passport to operate. If the application is
* entirely stateless (not using sessions), this middleware is not necessary,
* but its use will not have any adverse impact.
...
passport.initialize() is a middle-ware that initialises Passport.
Middlewares are functions that have access to the request object (req), the response object (res), and the next middleware function in the application’s request-response cycle.
Passport is an authentication middleware for Node that authenticates requests.
So basically passport.initialize() initialises the authentication module.
passport.session() is another middleware that alters the request object and change the 'user' value that is currently the session id (from the client cookie) into the true deserialized user object. It is explained in detail here.