Posts by Aaron Parecki
TIL about UIScreenshotService which enables iOS apps to provide a high res PDF screenshot of the app content when the user uses the system screenshot action! Chrome uses this to give a full export of the page!
Thanks! That bit is hand written.
I'm impressed, Cathay Pacific transferred my vegetarian meal request to the new flight they moved me to after the incoming flight was late and missed the connection. Normally airlines say oh well you didn't reserve the meal 72 hours before the flight.
Happy final Daylight Savings Time Eve to all our friends in British Columbia! I hope we can join you on the other side soon!
I'm setting up a temporary laptop for my next trip and it's shocking how much faster the cross-device passkey flow is compared to looking up and hand typing my long 1Password passwords
Oh crazy, I didn't realize that. Yeah they should really add that.
Sorry why wouldn't they be able to do client authentication with CIMDs? There's a description of how to do that in the spec.
Inspired by some #indieweb folks creating /caw pages on their websites, I made one of my own! Here you can listen to the most recent crow recorded from my house:
aaronparecki.com/caw/
Apparently I missed the introduction of the 4.4mm TRRRS audio jack 10 years ago and just now discovered it. What a cool idea.
I'd be happy to talk, what we need right now is to demonstrate that the people who run websites you'd be logging in to also want to improve their UX with FedCM. Feel free to send people my way
Oh crap I just realized the "it" he was referring to was probably the food, not his critical thinking.
"I'll just check my critical thinking and nuke it in the microwave" has to be my favorite quote from this Business Insider video on Trader Joe's white-labeled food
Me looking at my todo list on a Sunday night after having done at least a couple things today, yet somehow it looks more like a list of what I did *not* do today.
oh no, due to a series of misclicks, I just accidentally archived the most recent 100 emails in my inbox.
if nothing else, reviewing my "all mail" folder is doing a good job of making me question how important emails in my inbox actually are.
Not that this is a 1:1 replacement, but it is one of the reasons I built Meetable.org, so communities can create their own calendars on their own domains.
Enterprise-Managed Authorization extension (aka Cross App Access) - eliminate the OAuth redirect and get tokens for an MCP server by requesting them from the enterprise IdP
Read more about what these mean for you in my full post
aaronparecki.com/2025/11/25/1...
The new MCP spec just dropped!
There's too many new things to get into everything, but there are two big changes I am most excited about
Client ID Metadata Documents (CIMD) - a simpler way to manage client registrations, clients describe themselves with a URL they control
I don't know anything about the protocol but if they support the same OAuth spec as ATProto and same user ID discovery it would work
even with all the emoji? lol
The dots that Solid OIDC connected were to specifically use the RFC7591 vocabulary in a JSON doc at the client ID URL, whereas IndieAuth originally parsed the metadata from HTML, and OpenID Federation nests the metadata inside an "Entity Statement" JSON wrapper.
I mean it was a big mix of things really. Most recently the JSON document idea came from there, but "client IDs as URLs" has been part of IndieAuth since 2015 web.archive.org/web/20150315... and OpenID Federation since 2016 openid.net/specs/openid...
Yeah I definitely went hard mode by writing everything from scratch (except the JWT signing). Partly because I wanted to see what it actually takes to implement a library, partly because I can't stand the current state of most languages' package management
I just finished adding BlueSky support to IndieLogin.com! Now you can log in to websites like indieweb.org with your BlueSky handle!
This could replace Dynamic Client Registration in MCP, dramatically simplifying management of clients, as well as enabling servers to limit access to specific clients if they want.
The recent surge in interest in MCP has further demonstrated the need for this to be a standardized mechanism, and was the main driver in the latest round of discussion for the document!
The mechanism of clients identifying themselves as a URL has been in use in IndieAuth for over a decade, and more recently has been adopted by BlueSky for their OAuth API.
Clients identify themselves with their own URL, and host their metadata (name, logo, redirect URL) in a JSON document at that URL. They then use that URL as the client_id to introduce themselves to an authorization server for the first time.
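An added example, not part of the original posts: a sketch of what an authorization server could check when a client introduces itself with a URL as its `client_id`, as the posts above describe. The function names, the sample document and the specific rules (https only, a path, no fragment or userinfo, the document's `client_id` equal to the URL it is hosted at, exact-match redirect URI) are assumptions for illustration and should be verified against the current CIMD spec text; the fetch itself is left out so the example runs offline.

```python
import json
from urllib.parse import urlsplit

# Constructed sample (RFC 7591 field names, made-up values); checks below are assumptions.
SAMPLE_CLIENT_ID = "https://app.example/oauth/client.json"
SAMPLE_DOCUMENT = json.dumps({
    "client_id": SAMPLE_CLIENT_ID,
    "client_name": "Example App",
    "logo_uri": "https://app.example/logo.png",
    "redirect_uris": ["https://app.example/callback"],
})


def check_client_id_url(client_id):
    """Return a list of problems with a URL-shaped client_id (empty = ok)."""
    problems = []
    parts = urlsplit(client_id)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("missing host")
    if "@" in parts.netloc:
        problems.append("userinfo not allowed")
    if "#" in client_id:
        problems.append("fragment not allowed")
    if parts.path == "":
        problems.append("path required")
    if any(seg in (".", "..") for seg in parts.path.split("/")):
        problems.append("dot segments not allowed")
    return problems


def check_authorization_request(client_id, document_text, redirect_uri):
    """Validate an already-fetched metadata document against the request."""
    problems = check_client_id_url(client_id)
    if problems:
        return problems  # never fetch or trust a document for a bad URL
    try:
        doc = json.loads(document_text)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return ["document is not a JSON object"]
    if doc.get("client_id") != client_id:  # exact string match, no normalization
        problems.append("client_id in document does not match URL")
    uris = doc.get("redirect_uris")
    if not isinstance(uris, list) or redirect_uri not in uris:
        problems.append("redirect_uri not registered in document")
    return problems
```

A real deployment would also have to constrain the fetch of the document itself (outbound request filtering, size and time limits), which this sketch does not cover.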