@btrem.com: Here is what I found with an ICS file behind authentication. I set up Basic authentication for this URL: https://staging.gregorlove.com/indieweb/ics/calendar.ics The username and password for this are both “guest”. In the browser, this is working as expected. The initial, unauthenticated request responds with an HTTP header: WWW-Authenticate: Basic realm="[realm_name]" The browser pops up the sign-in prompt. After entering that, it requests the URL again, adding the header: Authorization: Basic [hash]…

@btrem.com: Here is what I found with an ICS file behind authentication.

I set up Basic authentication for this URL:
https://staging.gregorlove.com/indieweb/ics/calendar.ics

The username and password for this are both “guest”.

In the browser, this is working as expected. The initial, unauthenticated request responds with an HTTP header:
WWW-Authenticate: Basic realm="[realm_name]"

The browser pops up the sign-in prompt. After entering that, it requests the URL again, adding the header:
Authorization: Basic [hash]

As long as that Authorization header has the correct hash, the ICS file will be accessible. In browser, it prompts to download the file. In a calendar using webcal, it should instead pass the ICS off to be polled on an ongoing basis.

I don’t currently have Thunderbird or another calendar software to test this. Notably, Google Calendar does not appear to support subscribing to authenticated ICS. However, if your calendar supports Basic authentication, you should be able to add this URL, enter the credentials when the calendar prompts, then it will handle sending the necessary Authorization header each time it polls the ICS. The credentials prompt should be a one-time thing and it should be directly in the calendar software.

June 27, 2025