diff --git a/app/views/auth/confirmations/captcha.html.haml b/app/views/auth/confirmations/captcha.html.haml
index 1f577383eb69980daff17d670953e05811bac846..77f4b35b4fc987195ee1f2eaf7ca54eb3c4dcb78 100644
--- a/app/views/auth/confirmations/captcha.html.haml
+++ b/app/views/auth/confirmations/captcha.html.haml
@@ -5,6 +5,7 @@
   = render 'auth/shared/progress', stage: 'confirm'
 
   = hidden_field_tag :confirmation_token, params[:confirmation_token]
+  = hidden_field_tag :redirect_to_app, params[:redirect_to_app]
 
   %p.lead= t('auth.captcha_confirmation.hint_html')
 
diff --git a/spec/features/captcha_spec.rb b/spec/features/captcha_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..db89ff3e616c587d8641f3e46253068b4bc1683a
--- /dev/null
+++ b/spec/features/captcha_spec.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'email confirmation flow when captcha is enabled' do
+  let(:user)        { Fabricate(:user, confirmed_at: nil, confirmation_token: 'foobar', created_by_application: client_app) }
+  let(:client_app)  { nil }
+
+  before do
+    # rubocop:disable RSpec/AnyInstance -- easiest way to deal with that that I know of
+    allow_any_instance_of(Auth::ConfirmationsController).to receive(:captcha_enabled?).and_return(true)
+    allow_any_instance_of(Auth::ConfirmationsController).to receive(:check_captcha!).and_return(true)
+    allow_any_instance_of(Auth::ConfirmationsController).to receive(:render_captcha).and_return(nil)
+    # rubocop:enable RSpec/AnyInstance
+  end
+
+  context 'when the user signed up through an app' do
+    let(:client_app) { Fabricate(:application) }
+
+    it 'logs in' do
+      visit "/auth/confirmation?confirmation_token=#{user.confirmation_token}&redirect_to_app=true"
+
+      # It presents the user with a captcha form
+      expect(page).to have_title(I18n.t('auth.captcha_confirmation.title'))
+
+      # It does not confirm the user just yet
+      expect(user.reload.confirmed?).to be false
+
+      # It redirects to app and confirms user
+      click_on I18n.t('challenge.confirm')
+      expect(user.reload.confirmed?).to be true
+      expect(page).to have_current_path(/\A#{client_app.confirmation_redirect_uri}/, url: true)
+    end
+  end
+end