diff --git a/app/models/user.rb b/app/models/user.rb
index 0320a6208eb2a7e255648252d3fe593ba8bd4a2c..f6c271467dd7bf33d0c262c351b087a41cecc1d6 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -26,6 +26,7 @@ class User < ActiveRecord::Base
     :dependent => :destroy
 
   before_create :ensure_authentication_token
+  alias_attribute :private_token, :authentication_token
   scope :not_in_project, lambda { |project|  where("id not in (:ids)", :ids => project.users.map(&:id) ) }
 
   def identifier
diff --git a/app/views/layouts/project.html.haml b/app/views/layouts/project.html.haml
index b2d023d4a721d0827a1a07beb4dddadc5210fdad..7c5a162f22f8a3abc50f7db3eca01d6cab97d0a6 100644
--- a/app/views/layouts/project.html.haml
+++ b/app/views/layouts/project.html.haml
@@ -6,9 +6,9 @@
     = stylesheet_link_tag    "application"
     = javascript_include_tag "application"
     - if current_page?(tree_project_path(@project)) || current_page?(project_commits_path(@project))
-      = auto_discovery_link_tag(:atom, project_commits_url(@project, :atom, :ref => @ref), :title => "Recent commits to #{@project.name}:#{@ref}")
+      = auto_discovery_link_tag(:atom, project_commits_url(@project, :atom, :ref => @ref, :private_token => current_user.private_token), :title => "Recent commits to #{@project.name}:#{@ref}")
     - if request.path == project_issues_path(@project)
-      = auto_discovery_link_tag(:atom, project_issues_url(@project, :atom), :title => "#{@project.name} issues")
+      = auto_discovery_link_tag(:atom, project_issues_url(@project, :atom, :private_token => current_user.private_token), :title => "#{@project.name} issues")
     = csrf_meta_tags
     = javascript_tag do
       REQ_URI = "#{request.env["REQUEST_URI"]}";
diff --git a/spec/requests/commits_spec.rb b/spec/requests/commits_spec.rb
index 2bbd6b9f10447e200c656965625c2b938612517d..e0897632c03ff3f4b84c7b19d9ed6ce3783b6162 100644
--- a/spec/requests/commits_spec.rb
+++ b/spec/requests/commits_spec.rb
@@ -34,6 +34,16 @@
       page.body.should have_selector("author email", :text => commit.author_email)
       page.body.should have_selector("entry summary", :text => commit.message)
     end
+
+    it "should render atom feed via private token" do
+      logout
+      visit project_commits_path(project, :atom, :private_token => @user.private_token)
+
+      page.response_headers['Content-Type'].should have_content("application/atom+xml")
+      page.body.should have_selector("title", :text => "Recent commits to #{project.name}")
+      page.body.should have_selector("author email", :text => commit.author_email)
+      page.body.should have_selector("entry summary", :text => commit.message)
+    end
   end
 
   describe "GET /commits/:id" do
diff --git a/spec/requests/issues_spec.rb b/spec/requests/issues_spec.rb
index c77316d6452485a6622bdaebd24978b345cc044b..85cee062ded23ef73a7b5be5e022e16d98490332 100644
--- a/spec/requests/issues_spec.rb
+++ b/spec/requests/issues_spec.rb
@@ -36,6 +36,16 @@
       page.body.should have_selector("entry summary", :text => @issue.title)
     end
 
+    it "should render atom feed via private token" do
+      logout
+      visit project_issues_path(project, :atom, :private_token => @user.private_token)
+
+      page.response_headers['Content-Type'].should have_content("application/atom+xml")
+      page.body.should have_selector("title", :text => "#{project.name} issues")
+      page.body.should have_selector("author email", :text => @issue.author_email)
+      page.body.should have_selector("entry summary", :text => @issue.title)
+    end
+
     describe "Destroy" do
       before do
         # admin access to remove issue