From 6f0c4755658fbbacf50de684c16eb378d1dbfb92 Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Mon, 22 Jun 2020 14:45:42 -0700
Subject: [PATCH 1/3] Update issue templates
---
 .../a-template-reminding-adal-s-status.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/a-template-reminding-adal-s-status.md
diff --git a/.github/ISSUE_TEMPLATE/a-template-reminding-adal-s-status.md b/.github/ISSUE_TEMPLATE/a-template-reminding-adal-s-status.md
new file mode 100644
index 00000000..2ee871cd
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/a-template-reminding-adal-s-status.md
@@ -0,0 +1,19 @@
+---
+name: A template reminding ADAL's status
+about: So that people are guided to use MSAL Python instead.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+This library, ADAL for Python, will no longer receive new feature improvements. Instead, use the new library [MSAL for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python).
+
+* If you are starting a new project, you can get started with the MSAL Python docs for details about the scenarios, usage, and relevant concepts.
+* If your application is using the previous ADAL Python library, you can follow this migration guide to update to MSAL Python.
+* Existing applications relying on ADAL Python will continue to work.
+
+---
+
+If you encounter a bug, please reproduce it using our off-the-shelf
+[samples](https://github.com/AzureAD/azure-activedirectory-library-for-python/tree/1.2.4/sample), so that we can follow your steps.
From be39feb3d1037ac6a45e2e2147f451228afc5fd3 Mon Sep 17 00:00:00 2001
From: Abhidnya
Date: Thu, 17 Sep 2020 16:47:46 -0700
Subject: [PATCH 2/3] Federated flow fix (#240)
---
 adal/token_request.py | 12 +++++++-----
 adal/user_realm.py | 2 ++
 adal/wstrust_request.py | 4 ++--
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/adal/token_request.py b/adal/token_request.py
index 66743c4c..db269ddb 100644
--- a/adal/token_request.py
+++ b/adal/token_request.py
@@ -190,9 +190,9 @@ def _perform_wstrust_assertion_oauth_exchange(self, wstrust_response):
 return self._oauth_get_token(oauth_parameters)
- def _perform_wstrust_exchange(self, wstrust_endpoint, wstrust_endpoint_version, username, password):
+ def _perform_wstrust_exchange(self, wstrust_endpoint, wstrust_endpoint_version, cloud_audience_urn, username, password):
- wstrust = self._create_wstrust_request(wstrust_endpoint, "urn:federation:MicrosoftOnline",
+ wstrust = self._create_wstrust_request(wstrust_endpoint, cloud_audience_urn,
 wstrust_endpoint_version)
 result = wstrust.acquire_token(username, password)
@@ -204,15 +204,16 @@ def _perform_wstrust_exchange(self, wstrust_endpoint, wstrust_endpoint_version,
 return result
- def _perform_username_password_for_access_token_exchange(self, wstrust_endpoint, wstrust_endpoint_version,
+ def _perform_username_password_for_access_token_exchange(self, wstrust_endpoint, wstrust_endpoint_version, cloud_audience_urn,
 username, password):
- wstrust_response = self._perform_wstrust_exchange(wstrust_endpoint, wstrust_endpoint_version,
+ wstrust_response = self._perform_wstrust_exchange(wstrust_endpoint, wstrust_endpoint_version, cloud_audience_urn,
 username, password)
 return self._perform_wstrust_assertion_oauth_exchange(wstrust_response)
 def _get_token_username_password_federated(self, username, password):
 self._log.debug("Acquiring token with username password for federated user")
+ cloud_audience_urn = self._user_realm.cloud_audience_urn
 if not self._user_realm.federation_metadata_url:
 self._log.warn("Unable to retrieve federationMetadataUrl from AAD. "
 "Attempting fallback to AAD supplied endpoint.")
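Review bot: In `_get_token_username_password_federated` (adal/token_request.py, hunk at -204) the added `cloud_audience_urn = self._user_realm.cloud_audience_urn` is passed on unchecked, so a missing value reaches `_create_wstrust_request` as the WS-Trust audience where the constant `"urn:federation:MicrosoftOnline"` used to be. `UserRealm.__init__` (user_realm.py hunk at -57) initialises the attribute to `None`, and the parse hunk at -131 uses `response.get('cloud_audience_urn', ...)`, whose default applies only when the key is absent, not when the response carries `null` or an empty string. Falling back at the point of use keeps the previous behaviour in those cases: `cloud_audience_urn = self._user_realm.cloud_audience_urn or "urn:federation:MicrosoftOnline"`. The function body continues outside this hunk.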
@@ -228,7 +229,7 @@ def _get_token_username_password_federated(self, username, password):
 return self._perform_username_password_for_access_token_exchange(
 self._user_realm.federation_active_auth_url,
- wstrust_version, username, password)
+ wstrust_version, cloud_audience_urn, username, password)
 else:
 mex_endpoint = self._user_realm.federation_metadata_url
 self._log.debug(
@@ -253,6 +254,7 @@ def _get_token_username_password_federated(self, username, password):
 raise AdalError('AAD did not return a WSTrust endpoint. Unable to proceed.')
 return self._perform_username_password_for_access_token_exchange(wstrust_endpoint, wstrust_version,
+ cloud_audience_urn,
 username, password)
 @staticmethod
 def _parse_wstrust_version_from_federation_active_authurl(federation_active_authurl):
diff --git a/adal/user_realm.py b/adal/user_realm.py
index 902c702a..3d022933 100644
--- a/adal/user_realm.py
+++ b/adal/user_realm.py
@@ -57,6 +57,7 @@ def __init__(self, call_context, user_principle, authority_url):
 self.account_type = None
 self.federation_metadata_url = None
 self.federation_active_auth_url = None
+ self.cloud_audience_urn = None
 self._user_principle = user_principle
 self._authority_url = authority_url
@@ -131,6 +132,7 @@ def _parse_discovery_response(self, body):
 self.federation_protocol = protocol
 self.federation_metadata_url = response['federation_metadata_url']
 self.federation_active_auth_url = response['federation_active_auth_url']
+ self.cloud_audience_urn = response.get('cloud_audience_urn', "urn:federation:MicrosoftOnline")
 self._log_parsed_response()
diff --git a/adal/wstrust_request.py b/adal/wstrust_request.py
index fb5ee05d..a96488c3 100644
--- a/adal/wstrust_request.py
+++ b/adal/wstrust_request.py
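Review bot: In `_parse_discovery_response` (adal/user_realm.py, hunk at -131) the new `cloud_audience_urn` is copied from the discovery response with no check on its type or form, and the token_request.py hunks then hand it to `_create_wstrust_request` as the audience of the WS-Trust request that carries the username and password. Accepting it only when it is a non-empty text value beginning with `urn:` (assuming every supported cloud uses that form) and otherwise keeping `"urn:federation:MicrosoftOnline"` would stop a malformed response from altering that request. The value presumably ends up as `applies_to` in `WSTrustRequest`; whether it is escaped when the request body is built is not visible in this patch and should be confirmed. A comment on the assignment such as `# server-supplied; used as the WS-Trust AppliesTo audience` would record where the value ends up, and the diffstat shows no test covering a non-default audience. The function starts and ends outside the hunk.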
@@ -41,10 +41,10 @@ class WSTrustRequest(object):
- def __init__(self, call_context, watrust_endpoint_url, applies_to, wstrust_endpoint_version):
+ def __init__(self, call_context, wstrust_endpoint_url, applies_to, wstrust_endpoint_version):
 self._log = log.Logger('WSTrustRequest', call_context['log_context'])
 self._call_context = call_context
- self._wstrust_endpoint_url = watrust_endpoint_url
+ self._wstrust_endpoint_url = wstrust_endpoint_url
 self._applies_to = applies_to
 self._wstrust_endpoint_version = wstrust_endpoint_version
From ae1eb0e5be193a3fecd8c92a9f6acd98b6f4ddf0 Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Tue, 20 Oct 2020 15:56:03 -0700
Subject: [PATCH 3/3] ADAL Python 1.2.5
---
 adal/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/adal/__init__.py b/adal/__init__.py
index 4c88dce8..7c2cdaa3 100644
--- a/adal/__init__.py
+++ b/adal/__init__.py
@@ -27,7 +27,7 @@
 # pylint: disable=wrong-import-position
-__version__ = '1.2.4'
+__version__ = '1.2.5'
 import logging