diff --git a/app/organization/invite_rest.py b/app/organization/invite_rest.py
index 2e6a9ba2c..59fe312c5 100644
--- a/app/organization/invite_rest.py
+++ b/app/organization/invite_rest.py
@@ -43,6 +43,18 @@ def invite_user_to_org(organization_id):
     data = request.get_json()
     validate(data, post_create_invited_org_user_status_schema)
 
+    request_json = request.get_json()
+    try:
+        nonce = request_json.pop("nonce")
+    except KeyError:
+        current_app.logger.exception("nonce not found in submitted data.")
+        raise
+    try:
+        state = request_json.pop("state")
+    except KeyError:
+        current_app.logger.exception("state not found in submitted data.")
+        raise
+
     invited_org_user = InvitedOrganizationUser(
         email_address=data["email_address"],
         invited_by_id=data["invited_by"],
@@ -53,15 +65,9 @@ def invite_user_to_org(organization_id):
     template = dao_get_template_by_id(
         current_app.config["ORGANIZATION_INVITATION_EMAIL_TEMPLATE_ID"]
     )
-
-    token = generate_token(
-        str(invited_org_user.email_address),
-        current_app.config["SECRET_KEY"],
-        current_app.config["DANGEROUS_SALT"],
-    )
     url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
-    url = url.replace("NONCE", token)
-    url = url.replace("STATE", token)
+    url = url.replace("NONCE", nonce)
+    url = url.replace("STATE", state)
 
     personalisation = {
         "user_name": (
diff --git a/tests/app/organization/test_invite_rest.py b/tests/app/organization/test_invite_rest.py
index 37bcb5a9a..17ace6c55 100644
--- a/tests/app/organization/test_invite_rest.py
+++ b/tests/app/organization/test_invite_rest.py
@@ -48,6 +48,8 @@ def test_create_invited_org_user(
         organization=str(sample_organization.id),
         email_address=email_address,
         invited_by=str(sample_user.id),
+        nonce="dummy-nonce",
+        state="dummy-state",
         **extra_args
     )
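Review bot: The new `nonce` and `state` values are read from the request body after `validate(data, ...)` has already run, so they bypass the JSON-schema check that every other field in this endpoint goes through, and a missing key surfaces as an unhandled `KeyError` (a 500 with a stack trace in the log) instead of a 400 validation error. Add both as required fields to `post_create_invited_org_user_status_schema` with a bounded, URL-safe pattern (e.g. `^[A-Za-z0-9_-]{1,128}$`) and replace the two try/except blocks with `nonce = data["nonce"]` and `state = data["state"]`. Note also that the second `request.get_json()` appears to be redundant: Flask caches the parsed body, so `request_json` is presumably the same dict as `data`, and `pop` mutates `data` as a side effect. The enclosing `invite_user_to_org` starts before this hunk and continues past it.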
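Review bot: `url.replace("NONCE", nonce)` and `url.replace("STATE", state)` now splice caller-supplied strings into the registration link that is emailed to the invitee without any URL-encoding, so a value containing `&`, `#`, `?` or `/` can add or override query parameters in that link; previously the substituted value was a server-generated `generate_token(...)` output bound to the invite's email address and `SECRET_KEY`, and that binding is gone with this change. Encode before substituting: `url = url.replace("NONCE", quote(nonce, safe=""))` and `url = url.replace("STATE", quote(state, safe=""))` with `from urllib.parse import quote`, and keep the format restriction on the API side since the caller is now the only party vouching for these OIDC values. If `generate_token` has no other use in this file, its import is now dead and should be removed. The enclosing `invite_user_to_org` starts before this hunk and continues past it.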