OAuthenticator changes refresh_pre_spawn default to if enable_auth_state, so if you have auth state enabled, refresh_pre_spawn defaults to True.
However, I now see from your logs that this is also affecting GET /hub/api/users/user01, which is not related to refresh_pre_spawn, that’s the regular refresh_user behavior invoked after auth_refresh_age (default: 300s) for any authenticated request.
One thing that’s notable here is that auth_state is empty for this user, which suggests they have never logged in via oauth.
is this a regular user, or a synthetic user that never logs in with a browser, and thus never gets the oauth credentials? If it’s a synthetic user, you’ll need to skip the default refresh_user behavior for that user, or they won’t be able to do ~anything. 2i2c’s infrastructure does exactly this, which you can use as an example:
def refresh_user_hook(authenticator, user, auth_state):
if user.name == "deployment-service-check":
# if this is the user,
# refresh_user doesn't make sense
# consider it always fresh
return True
# for all other users, refresh as usual
return None
c.OAuthenticator.refresh_user_hook = refresh_user_hook