olillin / cals-cals

Many calendars
https://cal.olillin.com
MIT License

Leaking internal information #12

Open olillin opened 1 day ago

olillin commented 1 day ago

Problem

Currently the calendars are public and anyone can access them, which is great for accessibility; however, that also means any information in the calendars is available to people (and bad actors) outside the IT-section at Chalmers. Especially sensitive are locations and times.

Suggested Solution

Require login with Gamma to access Chalmers-specific calendars. This includes hiding them in the calendar picker and making the calendar endpoint require some sort of user-specific authentication token to download the calendar.

olillin commented 1 day ago

An alternative to using authentication tokens would be making the calendar URIs randomized. A request could be made to the server containing which calendars the user wants, and the server would respond with the "secret link" which is practically unguessable.
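
The "secret link" alternative described in the comment above, as an added example (not code from cals-cals or its author): the server mints a 256-bit random token per request, stores only its hash, and can revoke links per user. It assumes Node.js; the function names, the `/c/<token>.ics` path and the calendar IDs are hypothetical.

```javascript
// Added example, not code from cals-cals. All names here are hypothetical.
const { randomBytes, createHash } = require("node:crypto");

// Constructed sample catalogue of calendar IDs the server knows about.
const KNOWN_CALENDARS = new Set(["public-holidays", "it-section-events"]);

// Server-side store keyed by SHA-256(token), so a leaked store does not
// reveal working links. Stand-in for a database table.
const links = new Map();

const digest = (token) => createHash("sha256").update(token).digest("hex");

// Called only after the user has been authenticated (e.g. via Gamma).
function createSecretLink(userId, calendarIds) {
  const unknown = calendarIds.filter((id) => !KNOWN_CALENDARS.has(id));
  if (calendarIds.length === 0 || unknown.length > 0) {
    throw new Error("invalid calendar selection");
  }
  // 32 bytes from the OS CSPRNG = 256 bits of entropy; never Math.random().
  const token = randomBytes(32).toString("base64url");
  links.set(digest(token), { userId, calendarIds: [...calendarIds] });
  return `/c/${token}.ics`;
}

// Resolve a requested path to its calendar selection, or null if unknown.
function resolveSecretLink(path) {
  // 32 random bytes encode to exactly 43 base64url characters.
  const m = /^\/c\/([A-Za-z0-9_-]{43})\.ics$/.exec(path);
  if (!m) return null;
  const entry = links.get(digest(m[1]));
  return entry ? entry.calendarIds : null;
}

// Revoke every link issued to one user (e.g. when they leave the section).
function revokeLinksFor(userId) {
  let removed = 0;
  for (const [key, entry] of links) {
    if (entry.userId === userId) {
      links.delete(key);
      removed++;
    }
  }
  return removed;
}
```

Because the token travels in the URL, it can end up in access logs and `Referer` headers, so the per-user revocation path matters as much as the token's length.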