@fakewaffle is right. You can make passport stateless by setting session to false.
I have developed an Oauth2 server using oauth2rize. https://github.com/jaredhanson/oauth2orize/.
I use it provide access tokens to client, which are then sent with every request in authorization
header. These tokens are stored in database and are therefore stateless.
You can of course use other providers to authenticate user and provide access token to client.
Passport.js provides multiple authentication providers which can be used to authenticate via 3rd party providers such as facebook, twitter, etc.
Here is link to facebook auth provider http://passportjs.org/guide/facebook/.
Does this answer the question or is there something else you want to do?