MIT licensed by Patrick Brisbin, later changes Paul Rouse
Maintained by Paul Rouse
This version can be pinned in stack with:yesod-auth-hashdb-,3396

Module documentation for

This package is the Yesod.Auth.HashDB plugin, originally included as part of yesod-auth, but now modified to be more secure and placed in a separate package.

It provides authentication using hashed passwords stored in a database, and works best in situations where an administrator is involved in setting up a user with an initial password.

The complete login process, including a default form, is implemented by this plugin, but the application developer must design the interfaces for setting up users and allowing them to change their own passwords, since only the low-level password-setting functions are provided by this package. (Note that other authentication plugins may be more appropriate if you wish to use email verification to set up accounts).


  • Minor documentation improvement
  • Reduce external-library dependencies for tests


  • Include CSRF token in default form


This release can break both old code and old database entries. For details of upgrading, please see

  • First phase of removing compatibility with old databases designed for versions before 1.3
  • Remove deprecated utilities (getAuthIdHashDB and pre-defined User data type)


  • Changes to work with persistent-2.5

  • Relax upper bound to allow persistent-2.2.*

  • Add ChangeLog


  • Deprecate getAuthIdHashDB (see #5)

  • Use internationalized messages
  • Increase defaultStrength

  • Minor documentation change


  • Expose additional validation function which does not need to read the database
  • Deprecate compatibility with old data which includes a salt field


  • Changes for Yesod 1.4


  • Documentation improvement


  • Optional custom login form
  • Deprecate predefined User data type
  • Changes for Persistent 2

  • Version bounds
  • Minor documentation changes


  • First release as a separate package, not part of yesod-auth