Invitation acceptance
Accept an admin-issued invite before entering a tenant workspace.
This route activates an existing ControlLayer invitation only after Supabase Auth has issued a valid JWT for the invited email and tenant claim. Expired, mismatched, or reused invites fail safely.
Acceptance sequence
- 1. Sign in with the invited Supabase Auth account.
- 2. Submit the one-time invite token to the ControlLayer API.
- 3. Activate tenant membership and issue bounded HttpOnly session cookies.