CHANGELOG.md in rodauth-oauth-0.4.0 vs CHANGELOG.md in rodauth-oauth-0.4.1

- old
+ new
@@ -1,8 +1,18 @@
 # CHANGELOG
 
 ## master
 
+### 0.4.1
+
+### Improvements
+
+When in "Resource Server" mode, calling `rodauth.authorization_token` will now return an hash of the JSON payload that the Authorization Server responds, and which was already previously used to authorize access to protected resources.
+
+### Bugfixes
+
+* An error ocurred if the client passed an empty authorization header (`Authorization: ` or `Authorization: Bearer `), causing an unexpected error; It now responds with the proper `401 Unauthorized` status code.
+
 ### 0.4.0
 
 ### Features
 
 * A new method, `get_additional_param(account, claim)`, is now exposed; this method will be called whenever non-OIDC scopes are requested in the emission of the ID token.
\ No newline at end of file