diff --git a/Yesod/Auth.hs b/Yesod/Auth.hs
--- a/Yesod/Auth.hs
+++ b/Yesod/Auth.hs
@@ -91,6 +91,10 @@
 class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage) => YesodAuth master where
     type AuthId master
 
+    -- | specify the layout. Uses defaultLayout by default
+    authLayout :: WidgetT master IO () -> HandlerT master IO Html
+    authLayout = defaultLayout
+
     -- | Default destination on successful login, if no other
     -- destination exists.
     loginDest :: master -> Route master
@@ -109,7 +113,7 @@
     loginHandler :: AuthHandler master RepHtml
     loginHandler = do
         tp <- getRouteToParent
-        lift $ defaultLayout $ do
+        lift $ authLayout $ do
             setTitleI Msg.LoginTitle
             master <- getYesod
             mapM_ (flip apLogin tp) (authPlugins master)
@@ -273,7 +277,7 @@
                 Nothing -> do
                     sendResponseStatus unauthorized401 =<< (
                       selectRep $ do
-                        provideRep $ defaultLayout $ toWidget [shamlet|<h1>Invalid login|]
+                        provideRep $ authLayout $ toWidget [shamlet|<h1>Invalid login|]
                         provideJsonMessage "Invalid Login"
                       )
                 Just ar -> loginErrorMessageMasterI ar Msg.InvalidLogin
@@ -288,6 +292,15 @@
                   provideJsonMessage "Login Successful"
               sendResponse res
 
+-- | same as defaultLayoutJson, but uses authLayout
+authLayoutJson :: (YesodAuth site, ToJSON j)
+                  => WidgetT site IO ()  -- ^ HTML
+                  -> HandlerT site IO j  -- ^ JSON
+                  -> HandlerT site IO TypedContent
+authLayoutJson w json = selectRep $ do
+    provideRep $ authLayout w
+    provideRep $ fmap toJSON json
+
 -- | Clears current user credentials for the session.
 --
 -- Since 1.1.7
@@ -304,7 +317,7 @@
 getCheckR :: AuthHandler master TypedContent
 getCheckR = lift $ do
     creds <- maybeAuthId
-    defaultLayoutJson (do
+    authLayoutJson (do
         setTitle "Authentication Status"
         toWidget $ html' creds) (return $ jsonCreds creds)
   where
diff --git a/Yesod/Auth/Email.hs b/Yesod/Auth/Email.hs
--- a/Yesod/Auth/Email.hs
+++ b/Yesod/Auth/Email.hs
@@ -168,7 +168,7 @@
     --
     -- Since 1.2.2
     confirmationEmailSentResponse :: Text -> HandlerT site IO Html
-    confirmationEmailSentResponse identifier = defaultLayout $ do
+    confirmationEmailSentResponse identifier = authLayout $ do
         setTitleI Msg.ConfirmationEmailSentTitle
         [whamlet|<p>_{Msg.ConfirmationEmailSent identifier}|]
 
@@ -221,7 +221,7 @@
 getRegisterR = do
     email <- newIdent
     tp <- getRouteToParent
-    lift $ defaultLayout $ do
+    lift $ authLayout $ do
         setTitleI Msg.RegisterLong
         [whamlet|
             <p>_{Msg.EnterEmail}
@@ -275,7 +275,7 @@
 getForgotPasswordR = do
     tp <- getRouteToParent
     email <- newIdent
-    lift $ defaultLayout $ do
+    lift $ authLayout $ do
         setTitleI Msg.PasswordResetTitle
         [whamlet|
             <p>_{Msg.PasswordResetPrompt}
@@ -307,7 +307,7 @@
                     lift $ setLoginLinkKey uid
                     redirect setpassR
         _ -> return ()
-    lift $ defaultLayout $ do
+    lift $ authLayout $ do
         setTitleI Msg.InvalidKey
         [whamlet|
 $newline never
@@ -358,7 +358,7 @@
         Nothing -> loginErrorMessageI LoginR Msg.BadSetPass
     tp <- getRouteToParent
     needOld <- maybe (return True) (lift . needOldPassword) maid
-    lift $ defaultLayout $ do
+    lift $ authLayout $ do
         setTitleI Msg.SetPassTitle
         [whamlet|
 $newline never
diff --git a/yesod-auth.cabal b/yesod-auth.cabal
--- a/yesod-auth.cabal
+++ b/yesod-auth.cabal
@@ -1,5 +1,5 @@
 name:            yesod-auth
-version:         1.2.5.2
+version:         1.2.5.3
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman, Patrick Brisbin
