diff --git a/lib/AccountManager/App.pm b/lib/AccountManager/App.pm
index 6d63b81713b2cd959488f36c088c140e47c365e3..03a4f72b69139cd5009f4fd811f13424bfca489d 100644
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -353,14 +353,14 @@ sub req_complete_challenge {
 
     my $metadata_file = $self->get_metadata_file(federation => $federation);
 
-    my $provider = AccountManager::ServiceProvider->new(
+    my $sp = AccountManager::ServiceProvider->new(
         db       => $self->{db},
         entityid => $entityid,
     );
     $self->abort(
         log  => sprintf("No such SP '%s' in database", $entityid),
         user => "no_such_entity"
-    ) if !$provider->load(speculative => 1);
+    ) if !$sp->load(speculative => 1);
 
     # override metadata contacts if needed
     my $contacts =
@@ -369,10 +369,10 @@ sub req_complete_challenge {
     if ($contacts) {
         if ($contacts =~ /^\+(.+)/) {
             # complement original contacts
-            $provider->contacts($provider->contacts(), split(/, */, $1));
+            $sp->contacts($sp->contacts(), split(/, */, $1));
         } else {
             # replace original contacts
-            $provider->contacts(split(/, */, $contacts));
+            $sp->contacts(split(/, */, $contacts));
         }
     }
 
@@ -380,7 +380,7 @@ sub req_complete_challenge {
     $self->abort(
         log  => "Requested a token for SP $entityid with unautorized address $email",
         user => "internal",
-    ) if !$provider->is_contact($email);
+    ) if !$sp->is_contact($email);
 
     # delete any previous token for the same email/service couple
     my $old_token = AccountManager::Token->new(