After a user has been invited, they will get a token to set their password for the first time. Use this route to set the user's password. NOTE: The token expires after a single use or 30 mins. If the user does not set their password within 30 minutes, you will need to re-invite them.