The difficult/time expensive part would be to create an alternative user login. As ICS requires a simple URL to load the events from, there needs to be an extra ICS download key for each user, that can be put into the URL's query string to enable the ICS download...
@MitjaStachowiak Good news! — Each user already has an automatically generated field in their user hash called
rss_token. It is semi-private key that is used in conjunction with the uid to protect RSS feeds from uid enumeration.
You can get a user's feed token by calling
await user.auth.getFeedToken(uid) (it generates one if the user account doesn't already have one.)
There are other places where this token can be used, although right now it is only used in the RSS functionality. It will not go away (not without ample warning, anyway.) In the future, we may rename
rss_token to something more generic.
When I say that
rss_token is "semi-private" I mean that it is sent to the browser in plain text (you can see it if you investigate the URL for this topic's RSS feed). It's hidden from other users insomuch that you can't easily find out someone else's
rss_token, but that's about it.