Atom / RSS Feed Tokens not Permitting Feed Access to Private Feeds Anymore

Token generation for Activity Feed Atom / RSS has changed, and it does not allow accessing feeds without authorization anymore.

Go to any private project's Activity Feed
Click the RSS / Atom symbol
Try using the provided feed, i.e., its address + access token, in any external application

Feed, i.e., the file linked by the RSS / Atom symbol, cannot be accessed despite having an access token.

Feed can be accessed.

Here is a comparison between an old and a newly created RSS / Atom file address for the above sample repo. The generated token differs:

information about the old token

Generated for a downstream bug report in early 2022
Problem actually started occurring later, unfortunately, I cannot pinpoint a release
Access to the feed is still possible until today, from RSS readers as well as the W3 validator

information about the new token

Generated as of today
Reproducibile Activity feed token
No access from outside gitlab.com, neither from RSS readers nor from the W3 validator
W3 validator states "It looks like this is a web page, not a feed. I looked for a feed associated with this page, but couldn't find one. Please enter the address of your feed to validate."
- most probably this is the login page, rather than the CDN (Cloudflare?)
- i.e., is this a bug for downstream? Implementation of an authentication protocol required?

~~Revert to changes to RSS token generation code~~

Use personal feed token instead of the provided one, see [here](Stack Overflow)

Edited Dec 07, 2023 by Steffen Bondorf