ResolveRegistrationTokenController  

Resolves a registration token submitted in the POST body and returns the non-sensitive fields needed to pre-populate the sign-up modal.

The token is accepted in the body (not the URL) so it never appears in server access logs, browser history, or Referer headers. Only username, email, and the list of pre-filled field names are returned. Provider name, identifier, and payload internals are NOT exposed. No authentication is required — possession of the short-lived token is proof of authorisation.