Problem running a server extension using /user-redirect/

I developed a Jupyterlab server extension that allows a user to open a Jupyter Notebook with pre-populated code provided either in base64 format or as the URL of an external publicly available notebook file (more info at

The first time the user logs into JupyterHub he gets a 403: Forbidden error, but if the user is previously logged in the extension runs successfully. Checking the log the extension is not reached after the user logs in, it is only executed if the user is already logged in.

I’m using /user-redirect/ to set up the path to the extension to be executed by jupyterhub.

Any help please.

I opened this patch which I believe will fix it. The short answer is that the API Handler base class is for API requests, which should only come from already authenticated pages (or scripts), and return 403 errors if the request is not authorized. Pages that browsers are expected to visit should instead inherit from JupyterHandler, and will start the login redirect sequence if the request is not authorized, which I think is the behavior you are after.