yesod-auth

Authentication for Yesod.

http://www.yesodweb.com/

Version on this page:	1.6.10.3
LTS Haskell 23.19:	1.6.11.3
Stackage Nightly 2025-04-30:	1.6.11.3
Latest on Hackage:	1.6.11.3

See all snapshots yesod-auth appears in

MIT licensed by Michael Snoyman, Patrick Brisbin

Maintained by Michael Snoyman

This version can be pinned in stack with:yesod-auth-1.6.10.3@sha256:ae8db10a9c9b0379cce523bdf83d3e434af578a44063227e50a3e1e78e6904cb,3056

Module documentation for 1.6.10.3

Yesod
- Yesod.Auth
  - Yesod.Auth.BrowserId
  - Yesod.Auth.Dummy
  - Yesod.Auth.Email
  - Yesod.Auth.GoogleEmail2
  - Yesod.Auth.Hardcoded
  - Yesod.Auth.Message
  - Yesod.Auth.OpenId
  - Yesod.Auth.Rpxnow
  - Yesod.Auth.Util
    - Yesod.Auth.Util.PasswordStore

Used by 2 packages in lts-18.6(full list with versions):

yesod-auth-hashdb, yesod-auth-oauth2

yesod-auth

This package provides a pluggable mechanism for allowing users to authenticate with your site. It comes with a number of common plugins, such as OpenID, BrowserID (a.k.a., Mozilla Persona), and email. Other packages are available from Hackage as well. If you’ve written such an add-on, please notify me so that it can be added to this description.

yesod-auth-account: An account authentication plugin for Yesod
yesod-auth-hashdb: The HashDB module previously packaged in yesod-auth, now with stronger, but compatible, security.
yesod-auth-bcrypt: An alternative to the HashDB module.

Changes

ChangeLog for yesod-auth

1.6.10.3

Relax bounds for yesod-form 1.7

1.6.10.2

Relax bounds for persistent 2.12

1.6.10.1

Add support for Persistent 2.11 #1701

1.6.10

Updated AuthMessage data type in Yesod.Auth.Message to accommodate registration flow where password is supplied initially: deprecated AddressVerified and split into EmailVerifiedChangePass and EmailVerified
Fixed a bug in getVerifyR related to the above, where the incorrect message was displayed when password was set during registration
Added sendForgotPasswordEmail to YesodAuthEmail typeclass, allowing for different emails for account registration vs. forgot password
See pull request #1662

1.6.9

Added registerHelper and passwordResetHelper methods to the YesodAuthEmail class, allowing for customizing behavior for user registration and forgot password requests #1660
Exposed defaultRegisterHelper as default implementation for the above methods

1.6.8.1

Email: Fix typo in defaultEmailLoginHandler template #1605
Remove unnecessary deriving of Typeable

1.6.8

Dummy: Add support for JSON submissions #1619

1.6.7

Redirect behavior of clearCreds depends on request type #1598

1.6.6

Deprecated Yesod.Auth.GoogleEmail2, see #1579 and migration blog post

1.6.5

Add support for persistent 2.9 #1516, #1561

1.6.4.1

Email: Fix forgot-password endpoint #1537

1.6.4

Make registerHelper configurable #1524

Email: Immediately register with a password #1389 To configure this new functionality:

Define addUnverifiedWithPass, e.g:

addUnverified email verkey = liftHandler $ runDB $ do
  void $ insert $ UserLogin email Nothing (Just verkey) False
  return email

addUnverifiedWithPass email verkey pass = liftHandler $ runDB $ do
  void $ insert $ UserLogin email (Just pass) (Just verkey) False
  return email

Add a password field to your client forms.

1.6.3

Generalize GoogleEmail2.getPerson #1501

1.6.2

Remove MINIMAL praggma for authHttpManager #1489

1.6.1

Relax a number of type signatures #1488

1.6.0

Upgrade to yesod-core 1.6.0

1.4.21

Add redirectToCurrent to Yesod.Auth module for controlling setUltDestCurrent in redirectLogin #1461

1.4.20

Extend YesodAuthEmail to support extensible password hashing via hashAndSaltPassword and verifyPassword functions

1.4.19

Adjust English localization to distinguish between “log in” (verb) and “login” (noun)

1.4.18

Expose Yesod.Auth.Util.PasswordStore

1.4.17.3

Some translation fixes

1.4.17.2

Move to cryptonite from cryptohash

1.4.17.1

Some translation fixes

1.4.17

Add Show instance for user credentials Creds
Export pid type for identifying plugin
Fix warnings
Allow for a custom Email Login DOM with emailLoginHandler

1.4.16

Fix email provider #1330
Document JSON endpoints of Yesod.Auth.Email

1.4.15

Add JSON endpoints to Yesod.Auth.Email module
Export croatianMessage from Message module
Minor Haddock rendering fixes at Auth.Email module

1.4.14

Remove Google OpenID link #1309
Add CSRF Security check in registerHelperFunction #1302

1.4.13.5

Translation fix

1.4.13.4

Improved translations
peristent 2.6

1.4.13.3

Doc update (and a warning)

1.4.13.1

Add CSRF token to login form from Yesod.Auth.Dummy #1205

1.4.13

Add a CSRF token to the login form from Yesod.Auth.Hardcoded, making it compatible with the CSRF middleware #1161
Multiple session messages. #1187

1.4.12

Deprecated Yesod.Auth.GoogleEmail

1.4.11

Add Yesod.Auth.Hardcoded

1.4.9

Expose defaultLoginHandler

1.4.8

GoogleEmail2: proper error message when permission denied

1.4.7

add a runHttpRequest function for handling HTTP errors

1.4.6

Use nonce package to generate verification keys and CSRF tokens #1011

1.4.5

Adds export of email verify route #980

1.4.4

Add AuthenticationResult and authenticate function #959

1.4.3

Added means to fetch user’s Google profile #936

1.4.2

Perform onLogout before session cleaning #923

1.4.1.3

Updated french translation of Yesod.Auth.Message. #904

1.4.1

Dutch translation added.