diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,15 @@
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+and this project adheres to [PVP Versioning](https://pvp.haskell.org/).
 
 ## [Unreleased]
+
+## [0.4.0.0] - 2020-10-06
+
+- Support for GHC 8.10 by @domenkozar
+- Support servant 0.18 by @domenkozar
+- Move `ToJWT/FromJWT` from servant-auth-server
 
 ## [0.3.2.0] - 2018-06-18
 
diff --git a/servant-auth.cabal b/servant-auth.cabal
--- a/servant-auth.cabal
+++ b/servant-auth.cabal
@@ -1,5 +1,5 @@
 name:           servant-auth
-version:        0.3.2.0
+version:        0.4.0.0
 synopsis:       Authentication combinators for servant
 description:    This package provides an @Auth@ combinator for 'servant'. This combinator
                 allows using different authentication schemes in a straightforward way,
@@ -17,7 +17,7 @@
 copyright:      (c) Julian K. Arni
 license:        BSD3
 license-file:   LICENSE
-tested-with:    GHC == 7.10.3, GHC == 8.0.2, GHC == 8.2.2, GHC==8.4.3
+tested-with:    GHC == 8.2.2, GHC == 8.4.4, GHC == 8.6.5, GHC == 8.8.1, GHC == 8.10.2
 build-type:     Simple
 cabal-version:  >= 1.10
 extra-source-files:
@@ -33,7 +33,14 @@
   default-extensions: AutoDeriveTypeable ConstraintKinds DataKinds DefaultSignatures DeriveFoldable DeriveFunctor DeriveGeneric DeriveTraversable FlexibleContexts FlexibleInstances FunctionalDependencies GADTs KindSignatures MultiParamTypeClasses OverloadedStrings RankNTypes ScopedTypeVariables TypeFamilies TypeOperators
   ghc-options: -Wall
   build-depends:
-      base >= 4.8 && < 4.12
+      base                    >= 4.10     && < 4.15
+    , aeson                   >= 1.3.1.1  && < 1.6
+    , jose                    >= 0.7.0.0  && < 0.9
+    , lens                    >= 4.16.1   && < 4.20
+    , servant                 >= 0.15     && < 0.19
+    , text                    >= 1.2.3.0  && < 1.3
+    , unordered-containers    >= 0.2.9.0  && < 0.3
   exposed-modules:
       Servant.Auth
+      Servant.Auth.JWT
   default-language: Haskell2010
diff --git a/src/Servant/Auth.hs b/src/Servant/Auth.hs
--- a/src/Servant/Auth.hs
+++ b/src/Servant/Auth.hs
@@ -1,11 +1,29 @@
+{-# LANGUAGE CPP                        #-}
+{-# LANGUAGE DataKinds                  #-}
 {-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE TypeFamilies               #-}
+{-# LANGUAGE TypeOperators              #-}
 module Servant.Auth where
 
+import           Data.Proxy          (Proxy(..))
+import           Servant.API         ((:>))
+import           Servant.Links       (HasLink (..))
+
 -- * Authentication
 
 -- | @Auth [auth1, auth2] val :> api@ represents an API protected *either* by
 -- @auth1@ or @auth2@
 data Auth (auths :: [*]) val
+
+-- | A @HasLink@ instance for @Auth@
+instance HasLink sub => HasLink (Auth (tag :: [*]) value :> sub) where
+#if MIN_VERSION_servant(0,14,0)
+  type MkLink (Auth (tag :: [*]) value :> sub) a = MkLink sub a
+  toLink toA _ = toLink toA (Proxy :: Proxy sub)
+#else
+  type MkLink (Auth (tag :: [*]) value :> sub) = MkLink sub
+  toLink _ = toLink (Proxy :: Proxy sub)
+#endif
 
 -- ** Combinators
 
diff --git a/src/Servant/Auth/JWT.hs b/src/Servant/Auth/JWT.hs
new file mode 100644
--- /dev/null
+++ b/src/Servant/Auth/JWT.hs
@@ -0,0 +1,33 @@
+module Servant.Auth.JWT where
+
+import           Control.Lens         ((^.))
+import qualified Crypto.JWT           as Jose
+import           Data.Aeson           (FromJSON, Result (..), ToJSON, fromJSON,
+                                       toJSON)
+import qualified Data.HashMap.Strict  as HM
+import qualified Data.Text            as T
+
+
+-- This should probably also be from ClaimSet
+--
+-- | How to decode data from a JWT.
+--
+-- The default implementation assumes the data is stored in the unregistered
+-- @dat@ claim, and uses the @FromJSON@ instance to decode value from there.
+class FromJWT a where
+  decodeJWT :: Jose.ClaimsSet -> Either T.Text a
+  default decodeJWT :: FromJSON a => Jose.ClaimsSet -> Either T.Text a
+  decodeJWT m = case HM.lookup "dat" (m ^. Jose.unregisteredClaims) of
+    Nothing -> Left "Missing 'dat' claim"
+    Just v  -> case fromJSON v of
+      Error e -> Left $ T.pack e
+      Success a -> Right a
+
+-- | How to encode data from a JWT.
+--
+-- The default implementation stores data in the unregistered @dat@ claim, and
+-- uses the type's @ToJSON@ instance to encode the data.
+class ToJWT a where
+  encodeJWT :: a -> Jose.ClaimsSet
+  default encodeJWT :: ToJSON a => a -> Jose.ClaimsSet
+  encodeJWT a = Jose.addClaim "dat" (toJSON a) Jose.emptyClaimsSet
