Failure to authenticate API endpoints should raise 403 instead of redirect

[minrk]

Tornado's @web.authenticated redirects to login_url on failed authentication, but this isn't appropriate for the REST API. We should be raising a simple 403 instead of redirecting.

[edmundhenley-mo]

Hi @minrk - found this when digging into jupyter/nbdime#749.
In case useful (sorry for noise if not!), has this been superseded by jupyter-server/jupyter_server#1392 ?

[minrk]

I think it hasn't, but it does get part way there.

[minrk]

Migrating to jupyter-server!

[minrk]

ha, this was fixed by #2853 ... 7 years ago.