This code path was never actually tested before upgrading to
hypothesis ~6.45.
base64.urlsafe_b64encode returns bytes, which Django applied str()
to, causing the token to beto since D7938.
This reverts commit ce5824a68aed3b2717542c4e31d99152af7c2605.