Organization invite is broken for accounts with 2FA

[shellmayr]

Environment

SaaS (https://sentry.io/)

Steps to Reproduce

1. Create user-1 with a new org org-1
2. Setup 2FA for the user-1
3. Logout
4. Create user-2 with new org org-2
5. Invite user-1 to join org-2
6. Logout
7. Click invite link and try to login to user-1

Expected Result

Being able to accept an organization invite and logging me in

Actual Result

Infinite loop of Login Form -> Join Org Dialog -> Login Form -> etc.

Product Area

Unknown

Link

https://{ORG_ID}.sentry.io/accept/{INDIVIDUAL_LINK}

DSN

No response

Version

No response

[getsantry]

Routing to @getsentry/product-owners-settings-auth for triage ⏲️

[leedongwei]

Seems replicated by #84292. We have someone investigating.

[mifu67]

I believe this is happening because the org member invite endpoint initiates login and sets a next_url if the user is not authenticated—this means that if a user has set up 2FA, then they will not continue to the 2FA view and instead be redirected back to the invite acceptance view, thus never being able to complete their authentication flow.

We're planning to rework the organization invite acceptance flow as part of the Auth V2 project. A workaround for now should be to first log in as User 1 before accepting the organization invite to Org 2.