diff --git a/app/models/user.rb b/app/models/user.rb
index 0320a620..f6c27146 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -26,6 +26,7 @@ class User < ActiveRecord::Base
     :dependent => :destroy
 
   before_create :ensure_authentication_token
+  alias_attribute :private_token, :authentication_token
   scope :not_in_project, lambda { |project|  where("id not in (:ids)", :ids => project.users.map(&:id) ) }
 
   def identifier
diff --git a/app/views/layouts/project.html.haml b/app/views/layouts/project.html.haml
index b2d023d4..7c5a162f 100644
--- a/app/views/layouts/project.html.haml
+++ b/app/views/layouts/project.html.haml
@@ -6,9 +6,9 @@
     = stylesheet_link_tag    "application"
     = javascript_include_tag "application"
     - if current_page?(tree_project_path(@project)) || current_page?(project_commits_path(@project))
-      = auto_discovery_link_tag(:atom, project_commits_url(@project, :atom, :ref => @ref), :title => "Recent commits to #{@project.name}:#{@ref}")
+      = auto_discovery_link_tag(:atom, project_commits_url(@project, :atom, :ref => @ref, :private_token => current_user.private_token), :title => "Recent commits to #{@project.name}:#{@ref}")
     - if request.path == project_issues_path(@project)
-      = auto_discovery_link_tag(:atom, project_issues_url(@project, :atom), :title => "#{@project.name} issues")
+      = auto_discovery_link_tag(:atom, project_issues_url(@project, :atom, :private_token => current_user.private_token), :title => "#{@project.name} issues")
     = csrf_meta_tags
     = javascript_tag do
       REQ_URI = "#{request.env["REQUEST_URI"]}";
diff --git a/spec/requests/commits_spec.rb b/spec/requests/commits_spec.rb
index 2bbd6b9f..e0897632 100644
--- a/spec/requests/commits_spec.rb
+++ b/spec/requests/commits_spec.rb
@@ -34,6 +34,16 @@ describe "Commits" do
       page.body.should have_selector("author email", :text => commit.author_email)
       page.body.should have_selector("entry summary", :text => commit.message)
     end
+
+    it "should render atom feed via private token" do
+      logout
+      visit project_commits_path(project, :atom, :private_token => @user.private_token)
+
+      page.response_headers['Content-Type'].should have_content("application/atom+xml")
+      page.body.should have_selector("title", :text => "Recent commits to #{project.name}")
+      page.body.should have_selector("author email", :text => commit.author_email)
+      page.body.should have_selector("entry summary", :text => commit.message)
+    end
   end
 
   describe "GET /commits/:id" do
diff --git a/spec/requests/issues_spec.rb b/spec/requests/issues_spec.rb
index c77316d6..85cee062 100644
--- a/spec/requests/issues_spec.rb
+++ b/spec/requests/issues_spec.rb
@@ -36,6 +36,16 @@ describe "Issues" do
       page.body.should have_selector("entry summary", :text => @issue.title)
     end
 
+    it "should render atom feed via private token" do
+      logout
+      visit project_issues_path(project, :atom, :private_token => @user.private_token)
+
+      page.response_headers['Content-Type'].should have_content("application/atom+xml")
+      page.body.should have_selector("title", :text => "#{project.name} issues")
+      page.body.should have_selector("author email", :text => @issue.author_email)
+      page.body.should have_selector("entry summary", :text => @issue.title)
+    end
+
     describe "Destroy" do
       before do
         # admin access to remove issue