The latest version of Visual Studio Code Insiders now shows a prompt before you bring in a third-party MCP server. Neat! No more one-click command execution.| den.dev
The official MCP C# SDK now supports OAuth 2.0 authentication and RFC 9728 Protected Resource Metadata, making secure AI integrations simpler for .NET developers.| Hi, I'm Den 👋 on Den Delimarsky
Tired of agents making wrong assumptions about user input? Visual Studio Code now supports MCP elicitations, where servers can request structured input through the client's native UI, completely eliminating guesswork and tedium of interpreting LLM input.| den.dev
The web is drowning in AI slop and SEO spam. BlogScroll is my small act of rebellion - a curated directory of real humans writing about real things.| Hi, I'm Den 👋 on Den Delimarsky
The Model Context Protocol got auth right, but that doesn’t mean you should implement it yourself. Here’s why API gateways are usually the better choice, and what that really costs you.| den.dev
MCP authorization spec now requires RFC 8707 implementation to prevent token misuse and phishing attacks. Here’s how the resource parameter works and why it matters for your MCP deployments.| Writing on Den Delimarsky
Recent experiences with Model Context Protocol development, including conferences, security work, and community updates from Build, MCP Developer Summit, and AI Engineer World’s Fair.| Writing on Den Delimarsky
AI agents aren't replacing developers - they're amplifying what skilled engineers can accomplish. The job replacement panic might just be the wrong place to channel our energy into.| den.dev
See how the latest Visual Studio Code Insiders builds seamlessly integrate with both new and legacy MCP authorization specs, offering a frictionless developer experience for accessing protected MCP servers with any OAuth provider.| den.dev
Learn how to protect Model Context Protocol (MCP) servers from confused deputy attacks when implementing Dynamic Client Registration, and how Azure API Management can help mitigate these security risks.| den.dev
A super-quick overview of the new MCP authorization specification and how it improves security and flexibility for MCP servers.| Writing on Den Delimarsky
Fix that annoying issue where authentication windows appear behind your MCP client by implementing smarter window handle discovery. This walkthrough shows you how to properly parent WAM dialogs to VS Code, Claude Desktop, and other MCP clients.| Hi, I'm Den 👋 on Den Delimarsky
Implement secure, enterprise-ready Model Context Protocol (MCP) servers protected by Entra ID authentication using Azure API Management and Azure Functions. This complete guide walks you through creating a confidential client architecture that protects sensitive tokens while enabling secure LLM tool access.| Hi, I'm Den 👋 on Den Delimarsky
Learn how to authenticate local Model Context Protocol servers with Entra ID using Windows Web Account Manager (WAM). This practical guide shows how to implement interactive user authentication in local MCP servers without complex OAuth flows.| Hi, I'm Den 👋 on Den Delimarsky
The Model Context Protocol introduces familiar security challenges we’ve seen before. Let’s not ignore them and step on the same rakes millions stepped on before.| Hi, I'm Den 👋 on Den Delimarsky
A new Model Context Protocol RFC proposes using a smoother path to using existing identity providers instead of building your own from scratch to protect your MCP server.| den.dev
Learn how to use OpenSpartan Forerunner, a Model Context Protocol server that brings your Halo Infinite game data directly into LLM tools like VS Code and Claude Desktop for seamless AI-powered game analysis.| den.dev
I had a customer conversation earlier last week where an interesting scenario popped up - they were using Entra ID to protect their API hosted in Azure Functions, and wanted to make sure that they can use the access token for other Azure API access. The authentication they used was what’s known as Easy Auth.| Hi, I'm Den 👋 on Den Delimarsky
Just a week ago I was talking about an approach to authenticating into MCP servers with Entra ID. While the approach was OK as a prototype, it had some interesting aspects to it that might or might not work depending on the context. But what if we could improve this a bit?| Hi, I'm Den 👋 on Den Delimarsky
Not too long ago, Anthropic put forward a draft specification that outlines how authentication and authorization works in the context of MCP. It's pretty vanilla in terms of what you'd expect from an OAuth-based implementation, but it gets a bit trickier if we try and integrate Microsoft Entra ID into it.| den.dev
Entra ID has this thing called “flexible Federated Identity Credentials”, or “flexible FIC” for short. You might be confused a bit by the very long name, but behind the term is a really powerful capability that I hope to cover well enough in this post.| Den Delimarsky ✨ on Den Delimarsky
DeckSurf, my open-source SDK that covers the reverse-engineered protocol for interacting with Stream Deck devices, is now more-or-less complete in terms of devices it can identity and run against.| den.dev
I’ve been running a podcast for close to half a decade now, called The Work Item. Publishing new episodes generally takes a bit of time because of all the prep work that needs to happen beforehand. I now get to use AI to automate a pretty tedious part of the process.| den.dev
If you are a software engineer, product manager, data scientist, or in any other role that deals with technology and you are not using Large Language Models, you are missing out on some key productivity boosters. Consider this anecdata, but what I managed to accomplish with my podcast website, arguably a relatively simple project, is a bellwether for things to come across the industry.| Den Delimarsky ✨ on Den Delimarsky
I am always on the lookout for ways to make my life easier with the help of computers, and one of the more recent things that I started using is really helping me in this domain - the @vision extension for GitHub Copilot.| den.dev
How to monitor the traffic coming from your iPhone with mitmproxy.| den.dev
A little experiment in using GitHub Copilot REST APIs inside GitHub Actions to avoid manually parsing text bodies.| Den Delimarsky 🚀 on Den Delimarsky
What’s a start to the year without some changes. Well, at least for me and my family the change meant a switch of teams and organizations within Microsoft.| Den Delimarsky 🚀 on Den Delimarsky
Recently, I've been running _a lot_ of GitHub Actions. Primarily because I automated some data collection for my Halo Infinite projects, and as part of that I get a lot of workflow logs. I wanted to clean them up.| den.dev
The year is 2025. The internet in the shape that we’ve known it in the early 2000s is no longer there. Or, not quite in the shape that we’ve seen it before. This is not just plain nostalgia talking - the vibrant ecosystem of blogs, feeds, personal sites, and forums has been usurped by a few mega-concentrated players.| Den Delimarsky 🔐 on Den Delimarsky
How to find that extremely convoluted command you typed in three months ago that you can’t find in your PowerShell history.| Den Delimarsky 🔐 on Den Delimarsky
2024 is coming to an end, and I wanted to share an experience that my wife and I classified as one of the most memorable from the past year - troll spotting, right here, in the Pacific Northwest.| den.dev
How to look inside the protocol workings of the Stream Deck Plus, the flexible and versatile button box that can do almost anything.| Den Delimarsky 🔐 on Den Delimarsky
PowerToys 0.87.1 dropped today, and with it (well, technically one point release before), a new PowerToys Awake dropped as well.| den.dev
Experian, the multinational consumer credit reporting and data aggregator company, is planning to sell off more of your data to third-parties starting February 5, 2025.| Den Delimarsky 🔐 on Den Delimarsky
An outline of how you can extract icons from Windows binaries and dump them into a local folder.| Den Delimarsky 🔐 on Den Delimarsky
I discovered that you can get anyone’s true email address (Google Account) if they are hosting their email on Google Workspaces from their alias, even if the alias is not on the same domain.| Den Delimarsky 🔐 on Den Delimarsky
The other day one of my friend shared an interesting letter they received, that I thought I’d cover on this blog. It all started with them peeking at their USPS Informed Delivery digest to see that there was a letter headed to them postmarked with an automated Canada Post label.| den.dev
A short overview of how modern app stores can lead you or your relatives to install authenticator apps that are not really authenticator apps.| Den Delimarsky 🔐 on Den Delimarsky
I have nothing against the concept of aliases at its core, but I have a lot to say about it being treated as some kind of security barrier against the bad guys and gals busting into your private accounts. Email aliases are a privacy and not a security measure.| Writing on Den Delimarsky
It finally happened - after a bit more than a year of playing Halo Infinite, I’ve finally reached the end of the line. The pinnacle of experience-based rank, if you will - Hero.| Writing on Den Delimarsky
A collection of photos from the event.| Writing on Den Delimarsky
I finally reached the Hero rank in Halo Infinite, and as the primary dogfood-er of the OpenSpartan Workshop project I ran into issues where the Hero rank was not correctly rendered in the app. With this release, it’s now correctly shown.| Writing on Den Delimarsky
A few people were reporting problems with the Windows App SDK, so I released a new version of OpenSpartan Workshop that fixes the issue.| Writing on Den Delimarsky
Diving into the Halo Infinite lesser-known post-match film data.| Writing on Den Delimarsky
The latest dataset for Fleetcom is now available on GitHub.| Writing on Den Delimarsky
Let’s talk a bit more about the Exchange. I’ve discussed its API implementation on my blog when it first came out in retail builds of Halo Infinite, but now that I am growing the content on the OpenSpartan website, I decided to start documenting my API explorations here. After all, it’s all at home with the rest of the Halo-related tinkering that I am doing.| Writing on Den Delimarsky
The latest dataset for Anvil is now available on GitHub.| Writing on Den Delimarsky
If you haven’t yet noticed, there is a [brand-new release on GitHub of OpenSpartan Workshop 1.0.8. In terms of new features, this build is a bit light - it comes on the heels of the Operation Fleetcom, which introduced a new date format that I did not recognize for seasonal ranges, resulting in the application crashing. This has been fixed.| Writing on Den Delimarsky
I’ve spent some time optimizing OpenSpartan Workshop (the latest release is definitely mostly a performance improvement), and so you can now enjoy the fruits of my labor.| Writing on Den Delimarsky
Get a glimpse into the aggregated playlist wait times for Halo Infinite.| Writing on Den Delimarsky
A new version of OpenSpartan Workshop is released, adding support for The Exchange, ranked tier counterfactuals, comprehensive event tracking, a faster match search, and more.| Writing on Den Delimarsky
Another week, another release of OpenSpartan Workshop (1.0.3, build ESCHARUM-03052024)! This one was a fun to build because it introduces a few improvements that will delight its users.| Writing on Den Delimarsky
Maintenance release inbound! I had to fix a few bugs with the performance of the application, add some parallelization, and update the installer to make sure that the .NET components are not uninstalled when the upgrade of OpenSpartan Workshop happens.| Writing on Den Delimarsky
Right after the release of the first version of OpenSpartan Workshop, I am following-up with an update that adds some quality-of-life improvements and some minor new functionality. You can get the latest release on GitHub.| Writing on Den Delimarsky
The first version of OpenSpartan Workshop is officially out.| Writing on Den Delimarsky
This is a collection from a recent trip to Hawai’i (Big Island). Hands down, one of my favorite places in the world.| Hi, I'm Den :wave: on Den Delimarsky
I've talked before about Microsoft Authentication Library (MSAL) for .NET on this blog, but I feel like I should bring attention to another product that our team ships that is massively adopted in the community - MSAL Python.| den.dev
As I was building OpenSpartan Workshop for Windows I needed the ability to convert a hexadecimal HTML color code to a SolidColorBrush object. Unlike with previous UI frameworks, WinUI 3 (which is what I use) doesn’t have a built-in construct for this kind of conversion. Naturally, I had to improvise.| Hi, I'm Den :wave: on Den Delimarsky
This past weekend most of the Greater Seattle got to experience the thunder of US Navy Blue Angels jets buzzing the trees around the city as part of Seafair. I decided to take the time and actually venture out around the city to take some good photos this year.| Hi, I'm Den :wave: on Den Delimarsky
So, check this little idea that I have - I want to browse the internet without all sorts of unscrupulous actors collecting every little bit of metadata on me and my family they can possibly get their hands on.| den.dev
Way overdue, but with the release of Microsoft PowerToys 0.83.0, my very own PowerToys Awake comes in tow with a bunch of improvements that I wanted to do for a long time. This release is codenamed DAISY023, in reference to, of course, Daisy-023.| den.dev
As part of the work on OpenSpartan Workshop I needed the capability to convert a Xbox gamertag into its immutable identifier - the Xbox user ID, also commonly known as the XUID. My plan was to add the option for someone to find all the matches where they played with a specific player.| den.dev
OK, look - I am not the one to tell you that you absolutely have to track your stats for a damn video game, but I am the kind of person that finds a certain fun in that, just like I find the fun in reverse-engineering the entire Halo Infinite API. There is a certain beauty in looking at your own numbers, even if they are for some meaningless, entirely made-up progression system.| Hi, I'm Den :wave: on Den Delimarsky
How to easily create automatic rich captions for your videos in DaVinci Resolve without having to pay for the Studio version or using third-party plugins.| den.dev
I talked about Halo Infinite career ranks some time ago, but I kept needing to come back to the idea that I just wanted to have a quickly accessible list that just tells me what rank experience requirements are and how far along to Hero each rank is. No ads, no, fluff, just the table. Said table is now here.| den.dev
With the launch of Halo Infinite in 2021, 343 Industries introduced the concept of battle passes in Halo. The concept itself is not new in the gaming industry per-se, but it’s new to Halo. It’s effectively a limited time opportunity for players to earn in-game rewards during what is referred to as a season (although that term becomes a bit overloaded now).| den.dev
Just yesterday the new build of Halo Infinite dropped. With this build, one of the biggest changes that graced us with its presence is The Exchange - a new virtual venue where a player can use a new in-game currency, Spartan Points, to acquire all sorts of already known cosmetics.| den.dev
To remove the toil of writing authentication code directly, our team at Microsoft has been working on adding a new tool to the developer toolbox - an authentication broker.| den.dev
How I dove into the Halo Infinite AMQP API to dig for treasure - wait times for every single playlist available.| den.dev
There's a good reason why I don't want a cloud account to manage my networking infrastructure.| den.dev
How to get your game build identifier without firing up Fiddler.| den.dev
How to collect and aggregate MSAL metrics in the cloud with minimal code.| den.dev
How to track your own Halo Infinite service record with the game REST API.| den.dev
How to understand which maps and modes are more likely to come up in Halo Infinite games.| den.dev
The Microsoft Identity Authentication SDK team is looking for a TPM to help us corral developer security processes at Microsoft.| den.dev
Bringing comments back to my blog, powered by GitHub.| den.dev
How to use the built-in networkquality tool to analyze and track your internet connection speed.| den.dev
A quick personal recap of the first year attending Halo World Championship in person.| den.dev
How to query the career rank API to understand tier requirements and get an idea of emblems and rewards.| den.dev
You can now see some missing medals on Halo Waypoint. Here is how to get to them from the API.| den.dev
A non-comprehensive list of tools embedded into Windows that can save you precious time and frustration.| den.dev
As a product manager, it’s kind of beaten into us from the early days that you should never listen to your customers for solutions. Yet, it’s common to see the opposite.| den.dev
If product management was ever perfected and applied evenly to every single company and industry, we'd likely _swim_ in products that solve all our problems. Unfortunately, good product management is unevenly distributed and often takes on patterns and practices that are very far from optimal.| den.dev
Time for another update on my "whenever I have time" project - OpenSpartan. I've done a few changes to the code base preparing for the first public alpha.| den.dev
As I am building OpenSpartan as the experience to analyze stats for Halo Infinite, I wanted to have a quicker way to analyze my performance.| den.dev
I was recently setting up a new Windows machine for work - a desktop machine that actually has enough storage for me to run local SQL experimentation. I diligently followed the steps to create a bootable Windows 11 Enterprise USB, got the disks properly formatted, installed the OS, and tried to start customizing everything to my liking only to hit a brick wall.| den.dev
As folks might know, in my free time I am building a Halo Infinite companion app called OpenSpartan. It now supports medal visualization.| den.dev
An update on the OpenSpartan development and how data within the app is stored.| den.dev
I alluded to the fact that in my free time I am building a little project called OpenSpartan. I thought I'd share a bit more as to what it is.| den.dev
The new PowerToys are out (we’re at version 0.70.0) and with it comes a new version of Awake, the caffeinate tool that folks are used to on a Mac, brought to life on Windows.| den.dev
How to write API documentation that nobody can use, read, or use as reference.| den.dev
I am both surprised and not surprised - AWS announced (close to a month ago) the fact that they are retiring the AWS documentation on GitHub.| den.dev
I thought that it’s worth for me to at least try to use Linux as a daily driver and build my own opinion about the operating system.| den.dev
If there would be some absurd world where I would be able to choose two pieces of the common vocabulary that should just vanish, it would be "just" and "works for me." We, folks in tech, got way too comfortable throwing these around.| den.dev
I host media content related to this blog in an Azure Blob Storage account that is exposed publicly via a CDN. Here is how I manage the caching configuration.| den.dev
I am ashamed to admit that for all the nerding out I am doing around Halo I did not know that there is a Halo Museum up until a few weeks ago.| den.dev
I am a big believer in good documentation being an essential part of the product. Good docs are hard to come by for several reasons, not the least being the fact that writing good docs is hard.| den.dev
I decided to host a static site on Azure App Service. I also decided that it would be nice if I could restrict who could access the site.| den.dev
If you are building software on Azure, you’ve likely stumbled across the concept of managed identity. In layman’s terms, a managed identity is an automatically provisioned and managed identity resource that can be used to access other resources in Azure.| den.dev