diff --git a/sdk/core/core-client/CHANGELOG.md b/sdk/core/core-client/CHANGELOG.md index 2c9d18a043f2..28207cdb3378 100644 --- a/sdk/core/core-client/CHANGELOG.md +++ b/sdk/core/core-client/CHANGELOG.md @@ -8,6 +8,8 @@ ### Bugs Fixed +- Addressed an issue with `authorizeRequestOnTenantChallenge` not correctly parsing challenges. [PR #28967](https://github.com/Azure/azure-sdk-for-js/pull/28967) + ### Other Changes ## 1.9.0 (2024-03-12) @@ -30,6 +32,7 @@ ## 1.7.3 (2023-06-01) ### Other Changes + - remove the validation that credential scopes must be a valid URL [Issue #25881](https://github.com/Azure/azure-sdk-for-js/issues/25881) ## 1.7.2 (2023-02-23) diff --git a/sdk/core/core-client/src/authorizeRequestOnTenantChallenge.ts b/sdk/core/core-client/src/authorizeRequestOnTenantChallenge.ts index a04337ba705e..dde1057e5fcb 100644 --- a/sdk/core/core-client/src/authorizeRequestOnTenantChallenge.ts +++ b/sdk/core/core-client/src/authorizeRequestOnTenantChallenge.ts @@ -79,11 +79,11 @@ function buildScopes( challengeOptions: AuthorizeRequestOnChallengeOptions, challengeInfo: Challenge, ): string[] { - if (!challengeInfo.resource_uri) { + if (!challengeInfo.resource_id) { return challengeOptions.scopes; } - const challengeScopes = new URL(challengeInfo.resource_uri); + const challengeScopes = new URL(challengeInfo.resource_id); challengeScopes.pathname = Constants.DefaultScope; return [challengeScopes.toString()]; } @@ -105,7 +105,7 @@ function getChallenge(response: PipelineResponse): string | undefined { */ interface Challenge { authorization_uri: string; - resource_uri?: string; + resource_id?: string; } /** diff --git a/sdk/core/core-client/test/authorizeRequestOnTenantChallenge.spec.ts b/sdk/core/core-client/test/authorizeRequestOnTenantChallenge.spec.ts index 4b97cdfe4439..dce9251efe6c 100644 --- a/sdk/core/core-client/test/authorizeRequestOnTenantChallenge.spec.ts +++ b/sdk/core/core-client/test/authorizeRequestOnTenantChallenge.spec.ts @@ -45,7 +45,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () { return { headers: createHttpHeaders({ - "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`, + "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`, }), request: req, status: 200, @@ -113,7 +113,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () { assert.equal(req.headers.get("authorization"), "Bearer originalToken"); return { headers: createHttpHeaders({ - "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`, + "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`, }), request: req, status: 401, @@ -158,7 +158,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () { assert.equal(req.headers.get("authorization"), "Bearer originalToken"); return { headers: createHttpHeaders({ - "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`, + "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`, }), request: req, status: 401, @@ -245,7 +245,7 @@ describe("storageBearerTokenChallengeAuthenticationPolicy", function () { assert.equal(req.headers.get("authorization"), "Bearer originalToken"); return { headers: createHttpHeaders({ - "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_uri=https://storage.azure.com`, + "WWW-Authenticate": `Bearer authorization_uri=https://login.microsoftonline.com/${fakeGuid}/oauth2/authorize resource_id=https://storage.azure.com`, }), request: req, status: 401,