class KeyCredential
A data class representing a key credential associated with an application in Microsoft Graph API, containing certificate or key information used for authentication.
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/key_credential.py
4 - 46
simple
Purpose
KeyCredential is a value object that encapsulates key credential information for applications and service principals in Microsoft Graph API. It stores metadata about certificates, keys, and their validity periods. This class is typically used as part of the keyCredentials collection property on application or servicePrincipal entities, representing authentication credentials like X.509 certificates or symmetric keys used for app authentication.
Source Code
```python
from office365.runtime.client_value import ClientValue


class KeyCredential(ClientValue):
    """
    Contains a key credential associated with an application.
    The keyCredentials property of the application entity is a collection of keyCredential.
    """

    def __init__(
        self,
        custom_key_identifier=None,
        display_name=None,
        end_datetime=None,
        key=None,
        key_id=None,
        start_datetime=None,
        key_type=None,
        usage=None,
    ):
        """
        :param str custom_key_identifier: A 40-character binary type that can be used to identify the credential.
            Optional. When not provided in the payload, defaults to the thumbprint of the certificate.
        :param str display_name: Friendly name for the key. Optional.
        :param datetime.datetime or str end_datetime: The date and time at which the credential expires.
            The DateTimeOffset type represents date and time information using ISO 8601 format and is always
            in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
        :param bytes or str key: The certificate's raw data in byte array converted to Base64 string.
            Returned only on $select for a single object, that is,
            GET applications/{applicationId}?$select=keyCredentials or
            GET servicePrincipals/{servicePrincipalId}?$select=keyCredentials; otherwise, it is always null.
        :param str key_id: The unique identifier (GUID) for the key.
        :param datetime.datetime or str start_datetime: The date and time at which the credential becomes valid.
            The Timestamp type represents date and time information using ISO 8601 format and is always
            in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
        :param str key_type: The type of key credential; for example, Symmetric, AsymmetricX509Cert.
        :param str usage: A string that describes the purpose for which the key can be used; for example, Verify.
        """
        # Attribute names are camelCase to match the Microsoft Graph keyCredential resource.
        self.customKeyIdentifier = custom_key_identifier
        self.displayName = display_name
        self.endDateTime = end_datetime
        self.key = key
        self.keyId = key_id
        self.startDateTime = start_datetime
        self.type = key_type
        self.usage = usage
```
Parameters
| Name | Type | Default | Kind |
|---|---|---|---|
| bases | ClientValue | - | |
Parameter Details
custom_key_identifier: A 40-character binary type identifier for the credential. Optional parameter that defaults to the certificate thumbprint if not provided. Used to uniquely identify the credential in a human-readable way.
display_name: A friendly, human-readable name for the key credential. Optional parameter used for display purposes to help administrators identify the credential.
end_datetime: The expiration date and time for the credential. Accepts either a datetime.datetime object or an ISO 8601 formatted string in UTC (e.g., '2014-01-01T00:00:00Z'). Defines when the credential becomes invalid.
key: The raw certificate data as bytes or Base64-encoded string. This contains the actual key material. Only returned when explicitly selected via $select query parameter in Microsoft Graph API calls, otherwise null for security reasons.
key_id: A unique identifier (GUID) for the key credential. Used as the primary identifier for the credential in the Microsoft Graph API.
start_datetime: The date and time when the credential becomes valid. Accepts either a datetime.datetime object or an ISO 8601 formatted string in UTC (e.g., '2014-01-01T00:00:00Z'). Defines when the credential becomes active.
key_type: The type of key credential being stored. Common values include 'Symmetric', 'AsymmetricX509Cert'. Indicates the cryptographic type of the key.
usage: A string describing the intended purpose of the key. Common values include 'Verify', 'Sign'. Indicates what operations the key can be used for.
Return Value
Instantiation returns a KeyCredential object with all provided parameters stored as instance attributes. The object inherits from ClientValue, making it serializable for use with Microsoft Graph API requests and responses. No methods return values as this is primarily a data container class.
Class Interface
Attributes
| Name | Type | Description | Scope |
|---|---|---|---|
| customKeyIdentifier | str or None | A 40-character binary type identifier for the credential, defaults to certificate thumbprint if not provided | instance |
| displayName | str or None | Friendly name for the key credential used for display purposes | instance |
| endDateTime | datetime.datetime or str or None | The expiration date and time of the credential in ISO 8601 format (UTC) | instance |
| key | bytes or str or None | The certificate's raw data as byte array or Base64 string, only returned with explicit $select queries | instance |
| keyId | str or None | The unique identifier (GUID) for the key credential | instance |
| startDateTime | datetime.datetime or str or None | The date and time when the credential becomes valid in ISO 8601 format (UTC) | instance |
| type | str or None | The type of key credential (e.g., 'Symmetric', 'AsymmetricX509Cert') | instance |
| usage | str or None | The purpose for which the key can be used (e.g., 'Verify', 'Sign') | instance |
Dependencies
office365
Required Imports
from office365.runtime.client_value import ClientValue
Usage Example
```python
from office365.directory.key_credential import KeyCredential

# Create a key credential for an X.509 certificate
key_cred = KeyCredential(
    custom_key_identifier='A1B2C3D4E5F6...',
    display_name='Production Certificate',
    start_datetime='2024-01-01T00:00:00Z',
    end_datetime='2025-01-01T00:00:00Z',
    key='MIIDPzCCAiegAwIBAgIQP...',
    key_id='12345678-1234-1234-1234-123456789abc',
    key_type='AsymmetricX509Cert',
    usage='Verify'
)

# Access attributes (note the camelCase names and that key_type is stored as .type)
print(key_cred.displayName)  # 'Production Certificate'
print(key_cred.type)         # 'AsymmetricX509Cert'
print(key_cred.keyId)        # '12345678-1234-1234-1234-123456789abc'

# Typically used as part of an application's keyCredentials collection
# application.keyCredentials.append(key_cred)
```
Best Practices
- This is an immutable-style data class; set all required attributes during instantiation rather than modifying them later.
- When providing datetime values, use ISO 8601 format strings in UTC timezone (e.g., '2024-01-01T00:00:00Z') for consistency with Microsoft Graph API.
- The 'key' attribute contains sensitive cryptographic material and should be handled securely. It's typically only populated when explicitly requested via $select queries.
- Ensure start_datetime is before end_datetime to create a valid credential with a proper validity period.
- The key_id should be a valid GUID format when provided, as it's used as a unique identifier in Microsoft Graph API.
- This class is designed to be used as part of a collection (keyCredentials property) on application or servicePrincipal entities, not typically as a standalone object.
- The class inherits from ClientValue, which provides serialization capabilities for Microsoft Graph API communication.
- Note the attribute name mapping: 'key_type' parameter maps to 'type' attribute, and 'custom_key_identifier' maps to 'customKeyIdentifier' (camelCase) to match Microsoft Graph API conventions.
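The validity-period and GUID practices above can be checked mechanically before a credential is submitted or while reviewing an existing keyCredentials collection. The following is an added example, not code from the office365 package: it works on plain dicts keyed by the attribute names listed in the table above, and `audit_key_credential`, `parse_utc`, the 730-day `MAX_LIFETIME` policy and the sample entries are all assumptions made for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=730)  # assumed local policy, not a Graph limit
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample

def parse_utc(value):
    """Accept a datetime or an ISO 8601 string such as 2014-01-01T00:00:00Z."""
    dt = value if isinstance(value, datetime) else datetime.fromisoformat(
        value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_key_credential(cred, now=NOW):
    """Return findings for one dict keyed like the KeyCredential attributes."""
    findings = []
    try:
        uuid.UUID(str(cred.get("keyId")))
    except ValueError:
        findings.append("keyId is not a GUID")
    try:
        start = parse_utc(cred["startDateTime"])
        end = parse_utc(cred["endDateTime"])
    except (KeyError, ValueError, AttributeError):
        return findings + ["startDateTime/endDateTime missing or not ISO 8601"]
    if start >= end:
        findings.append("startDateTime is not before endDateTime")
    elif end - start > MAX_LIFETIME:
        findings.append("validity period exceeds policy maximum")
    if end <= now:
        findings.append("credential has expired")
    elif start > now:
        findings.append("credential is not yet valid")
    return findings

# Constructed sample entries; no key material is needed for these checks.
SAMPLE = [
    {"displayName": "ok", "keyId": "12345678-1234-1234-1234-123456789abc",
     "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2025-01-01T00:00:00Z"},
    {"displayName": "expired", "keyId": "12345678-1234-1234-1234-123456789abd",
     "startDateTime": "2022-01-01T00:00:00Z", "endDateTime": "2023-01-01T00:00:00Z"},
    {"displayName": "long-lived", "keyId": "12345678-1234-1234-1234-123456789abe",
     "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2034-01-01T00:00:00Z"},
    {"displayName": "malformed", "keyId": "not-a-guid",
     "startDateTime": "2026-01-01T00:00:00Z", "endDateTime": "2025-01-01T00:00:00Z"},
]

if __name__ == "__main__":
    for cred in SAMPLE:
        print(cred["displayName"], audit_key_credential(cred))
```

Because the checks use only keyId and the two timestamps, they can run on results fetched without `$select=keyCredentials` key data.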
Similar Components
AI-powered semantic similarity - components with related functionality:
- class PasswordCredential 77.0% similar
- class AppPrincipalCredential 65.2% similar
- class UserCredential 62.8% similar
- class Application 61.2% similar
- class ClientCredential 57.1% similar