[core-client] Fix issue with Storage bearer challenges

sdk/core/core-client/CHANGELOG.md

@@ -8,6 +8,8 @@
 
 ### Bugs Fixed
 
+- Addressed an issue with `authorizeRequestOnTenantChallenge` not correctly parsing challenges. [PR #28967](https://github.com/Azure/azure-sdk-for-js/pull/28967)
+
 ### Other Changes
 
 ## 1.9.0 (2024-03-12)
@@ -30,6 +32,7 @@
 ## 1.7.3 (2023-06-01)
 
 ### Other Changes
+
 - remove the validation that credential scopes must be a valid URL [Issue #25881](https://github.com/Azure/azure-sdk-for-js/issues/25881)
 
 ## 1.7.2 (2023-02-23)

sdk/core/core-client/src/authorizeRequestOnTenantChallenge.ts

@@ -79,11 +79,11 @@ function buildScopes(
   challengeOptions: AuthorizeRequestOnChallengeOptions,
   challengeInfo: Challenge,
 ): string[] {
-  if (!challengeInfo.resource_uri) {
+  if (!challengeInfo.resource_id) {
     return challengeOptions.scopes;
   }
 
-  const challengeScopes = new URL(challengeInfo.resource_uri);
+  const challengeScopes = new URL(challengeInfo.resource_id);
   challengeScopes.pathname = Constants.DefaultScope;
   return [challengeScopes.toString()];
 }
@@ -105,7 +105,7 @@ function getChallenge(response: PipelineResponse): string | undefined {
  */
 interface Challenge {
   authorization_uri: string;
-  resource_uri?: string;
+  resource_id?: string;
 }
 
 /**

sdk/core/core-client/test/authorizeRequestOnTenantChallenge.spec.ts

@@ -45,7 +45,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () {
 
         return {
           headers: createHttpHeaders({
-            "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`,
+            "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`,
           }),
           request: req,
           status: 200,
@@ -113,7 +113,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () {
           assert.equal(req.headers.get("authorization"), "Bearer originalToken");
           return {
             headers: createHttpHeaders({
-              "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`,
+              "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`,
             }),
             request: req,
             status: 401,
@@ -158,7 +158,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () {
           assert.equal(req.headers.get("authorization"), "Bearer originalToken");
           return {
             headers: createHttpHeaders({
-              "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`,
+              "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`,
             }),
             request: req,
             status: 401,
@@ -245,7 +245,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () {
         assert.equal(req.headers.get("authorization"), "Bearer originalToken");
         return {
           headers: createHttpHeaders({
-            "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`,
+            "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`,
           }),
           request: req,
           status: 401,