by dickhardt 948 days ago
OAuth 2.1 has no new features. It is OAuth 2.0 rolled up with all the specs since 2.0. It is the better place to start for learning about delegated authorization.
2 comments

I wonder. Do open source OAuth servers actually implement all of 2.0 these days? Do clients? What do they do for the bits the spec leaves... unspecified? My memory isn't the best, but I remember ten or so years ago, when the spec was fresh, that so-called off-the-shelf servers at the time didn't actually implement anything of value, so I had to write my own barebones version. I remember thinking the 1.x spec was actually better, but it didn't matter anyway because every real app would just write code targeting whatever it was that social media companies were doing and calling OAuth. (One notable thing was not ever presenting the user with an HTTP Basic experience, and everyone is still addicted to JSON vs. form-encoded body parameters.)
Fair! I considered "OAuth 2.0 rolled up with all the specs since 2.0" an update, but you are correct. They specifically didn't want to set out any new features in OAuth 2.1.

From the spec:

"This Standards Track specification consolidates the information in all of these documents and removes features that have been found to be insecure..."