Jupyterhub returns 503 when 403 is expected

Hello Jupyter community,

I am working on the integration of JupyterHub with our main application. We would like the user to be signed out of jupyterhub if they sign out of the main application. For this, i have implemented the refresh_user method on our custom Authenticator. So far, everything works fine. But when we detect that the user’s session has expired, I want to force the user to log out like this:

async def refresh_user(self, user, handler):
    token = handler.get_cookie('sessionToken)
    if is_valid_token(token):
       return user
       handler.redirect(self.signin_url)  # signin_url is a path to our main application hosted on the same domain as jupyterhub
       return False

From the hub’s perspetive this fragment works fine; it clears the users session cookies. But, any request made after this results in the singleuser-server returning a 503 service unavailable status. This causes JupyterLab frontend to display an error saying that the user’s pod is not running (even though it is, the real cause is that the session is not valid anymore). What i would expect instead of a 503 is a 403: Unauthorized status, since the issue is caused simply by missing the right cookies for authorization.

Am i doing something wrong in my approach for signin out the user, or is this an issue with jupyterhub’s auth service? In case anyone is interested, here is the stack trace of the error (occuring in jupyterhub/services/auth.py line 383):

   File "/opt/conda/lib/python3.7/site-packages/notebook/base/handlers.py", line 312, in set_default_headers
  File "/opt/conda/lib/python3.7/site-packages/notebook/base/handlers.py", line 151, in token_authenticated
    return self.login_handler.is_token_authenticated(self)
  File "/opt/conda/lib/python3.7/site-packages/jupyterhub/singleuser.py", line 95, in is_token_authenticated
  File "/opt/conda/lib/python3.7/site-packages/notebook/base/handlers.py", line 616, in get_current_user
    self._user_cache = user = super(APIHandler, self).get_current_user()
  File "/opt/conda/lib/python3.7/site-packages/notebook/base/handlers.py", line 131, in get_current_user
    return self.login_handler.get_user(self)
  File "/opt/conda/lib/python3.7/site-packages/jupyterhub/singleuser.py", line 108, in get_user
    return handler.get_current_user()
  File "/opt/conda/lib/python3.7/site-packages/jupyterhub/services/auth.py", line 894, in get_current_user
    user_model = self.hub_auth.get_user(self)
  File "/opt/conda/lib/python3.7/site-packages/jupyterhub/services/auth.py", line 490, in get_user
    user_model = self.user_for_token(token, session_id=session_id)
  File "/opt/conda/lib/python3.7/site-packages/jupyterhub/services/auth.py", line 427, in user_for_token
  File "/opt/conda/lib/python3.7/site-packages/jupyterhub/services/auth.py", line 312, in _check_hub_authorization
    data = self._api_request('GET', url, allow_404=True)
  File "/opt/conda/lib/python3.7/site-packages/jupyterhub/services/auth.py", line 383, in _api_request
    data = r.json()
  File "/opt/conda/lib/python3.7/site-packages/requests/models.py", line 898, in json
    return complexjson.loads(self.text, **kwargs)
  File "/opt/conda/lib/python3.7/json/__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/opt/conda/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/opt/conda/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)