Mounting an app at a non-root endpoint fails on the uri check because passport-http is only checking the relative uri as seen by the express app, not by the uri as seen by the client.
e.g.

authApp = require('../modules/auth');
app.use('/auth', authApp);

// ../module/auth.js
app.get('/digest', passport.authenticate 'digest');

Seems to always yield 400.