我认为这是不可能的，因为据我所知，您需要一种将请求移交给"第二种策略的方法一个失败了，我不认为那是可能的.

I don't think it's possible, because as far as I can see you need some method of 'handing off' a request to the second strategy when the first one fails, and I don't believe that's possible.

但是您也许可以使用一种本地策略，而只是尝试使用两种方法对传入的数据进行身份验证.

But you might be able to use one local strategy, and just try to authenticate the incoming data using both methods.

作为一个简单的示例(使用Mongoose作为示例数据库):

As a simple example (using Mongoose as an example database):

passport.use(new LocalStrategy(function(username, password, done) {
  Model1.findOne({ username : username }, function(err, user) {
    // first method succeeded?
    if (!err && user && passwordMatches(...)) {
      return done(null, user);
    }
    // no, try second method:
    Model2.findOne({ name : username }, function(err, user) {
      // second method succeeded?
      if (! err && user && passwordMatches(...)) {
        return done(null, user);
      }
      // fail! 
      done(new Error('invalid user or password'));
    });
  }); 
}));

对于序列化/反序列化，您可能需要在传递给done的user对象中存储一些属性，以表示反序列化用户所需的模型.

For serialization/deserialization you might need to store some property in the user object that you pass to done to signify which model is required to deserialize the user.