I set up xwiki in private mode, i.e. in the "Rights" settings the anonymous user has no rights checked and specifically the "registration" right disabled. Email verification is enabled, as this is the default from a standard installation.

Now, when I invite a user to the wiki and the user accepts the invitation, he is redirected to the registration page where he enters his data (and email, again), after which the email verification mail is sent out. If the user clicks on the link in that email - or copies the code out from the URL and pastes it into the validation key field after he manually tries to login again - he is not accepted and retrieves some "code invalid" (sorry, translation) error. Such users are shown as "locked" users in the administrative area and can be unlocked manually by an admin.

When I disable email verification in the registration settings, the invitation / registration process completes without any issues.