Comment 1 for bug 353629

As a result of this, when they confirm the subscription, it will create a token for the *team* - rather than the user, and try to redirect to it, but will result in a Forbidden as the user generally won't have lp.View access to the token (viewable only to the token.person or those with Append on the token.archive).

I've written a fix which is currently on ec2test and awaiting Celso's feedback.