Hi Sam,
the "passport" parameter is generated by the app to identify the request. Once the SSO is done, the app is opened again with the same passport so it can identify and validate the request. If you remove the passport parameter, the app will be launched but the user won't be authenticated since the app won't be able to validate the passport.
Cheers,
Dani