Is there an existing issue that is already proposing this?

• I have searched the existing issues

Is your feature request related to a problem? Please describe it

Reading the documentation the topic writing custom strategies is left out IMO. For me the following questions come up implementing a custom strategy:

• Should we import Strategy from passport or from passport-custom?
• Why can we also write a authenticate() function and what are the differences to validate()? For what should validate() and for what authenticate() be used?
• When using authenticate() there are functions like this.success(), this.pass(), this.error() but inside the validate() they are not existent, why is that?
• Why do I need to call this.sucess(authedUserObj) within authenticate() but in validate() I can just return the authedUserObj?
• When using authenticate() the validate() function is never called, why is that?

Describe the solution you'd like

Extend the documentation. If you would answer my questions (so I understand it more) I would make a PR to the docs.

Teachability, documentation, adoption, migration strategy

No response

What is the motivation / use case for changing the behavior?

It is not described how to write a custom strategy at all. For example I might want to have a custom strategy that validates a refresh token within my database.