friendica oAuth authenticate for SPIP CMS

!Friendica Developers

I installed a friendica instance (say "friendica.site") and a SPIP website (a CMS : cf spip.net ) and its mastodon plugin ( git.spip.net/spip-contrib-exte… )
Using that plugin, I can send messages to the friendica instance, but i need the plugin to oAuth into friendica for further features.

So as to do so, I installed the oauthprovider addon github.com/bmillwood/friendica…

When declaring the account in SPIP-plugin config page, i'm redireted to friendica.site and asked whether i accept oAuth. I agree. The newly accepted "SpipToMastodon" app appears in the addon config page friendica.site/admin/addon/oauthprovider : everything seems ok.

Then there is a redirect toward the SPIP plugin config page, and an error happens, because the process tries to fetch the following url : friendica.site/api/v1/accounts/verify_credentials?access_token=64ee5f2etc...
and friendica's `getUserIdByAuth` method fails with error « Unauthorized / This API requires login » and sends a 401 http code back... The spip-plugin fails.

I see that when trying that url directly in the browser, it asks for an interactive http login and password !!! When i enter my login and password, i then get a nice json with my user datas.

When trying that url on mastodon sites in the browser (with adapted access_tokens), i do not have to interactively enter my login and password = the feedback url is immediately accepted and json data is provided.
It looks like the access_token enables this for mastodon, but not for friendica.

In friendica's code, the PHPDOC says « An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record » relating to `Hook::callAll('authenticate', $addon_auth);`. Is this some kind of pipelined operation that the oauthprovider addon should implement, using the access_token ?

On the SPIP plugin side, is there something to be done so the plugin accomodates friendica verify_credentials page ?