Node.js OAuth2 implementation - advice on strategy and flow - Passport and OAuth2orize

I am currently developing a REST API and associated web based responsive app. My requirements are as follows:

  • REST API must be secured using authentication, and be developer friendly
  • Web application should support sessions as well as be able to access the REST endpoints
  • Later, I would like to allow other apps to be developed against my API.
  • Later, I would also want users to log in to the app using remote OAuth2 providers, e.g. Twitter

So I implemented an OAuth2 workflow using the Resource Owner Password flow. This has the following workflow:

  • http POST /oauth/token grant_type=password client_id=mobileV1 client_secret=abc123456 username=andrey password=simplepassword

  • http /api/userinfo Authorization:'Bearer TOKEN'

The above uses a combination of Passport's BasicStrategy (to secure /oauth/token), ClientPasswordStrategy (authenticates clients using a client ID/secret) and BearerStrategy (uses the token against the API).

I am now at a stage where I need to implement the site login strategy, i.e. sessions; however, that suggests using Passport's LocalStrategy.

Should I replace my current BasicStrategy implementation with LocalStrategy? The BasicStrategy was implemented to restrict access to the /oauth/token resource, but it does not start a session. My understanding is that the BasicStrategy is to be used with API endpoints where the architecture is stateless. As a result, sessions are not required but can be used.

Questions:

1) Is OAuth2 using the Resource Owner Password flow suitable for these purposes?

2) Should I replace my current BasicStrategy implementation with LocalStrategy, or add sessions to the BasicStrategy?

Appreciate any comments.