🔍 Code Extractor

A data class representing a password credential associated with an application or service principal in Microsoft Graph API, containing password metadata and validity information.

Purpose

This class models password credentials used for authentication in Microsoft 365/Azure AD applications and service principals. It encapsulates password metadata including display name, secret text, unique identifier, and validity period. The class inherits from ClientValue, making it suitable for serialization and transmission in API requests/responses. It's primarily used when managing application credentials through the Microsoft Graph API, such as when adding or retrieving password credentials for applications or service principals.

Source Code

class PasswordCredential(ClientValue):
    """Represents a password credential associated with an application or a service principal.
    The passwordCredentials property of the application entity is a collection of passwordCredential objects.
    """

    def __init__(
        self,
        display_name=None,
        secret_text=None,
        key_id=None,
        start_datetime=None,
        end_datetime=None,
    ):
        """
        :param str display_name: Friendly name for the password. Optional.
        :param str secret_text: Read-only; Contains the strong passwords generated by Azure AD that are 16-64
            characters in length. The generated password value is only returned during the initial POST request to
            addPassword. There is no way to retrieve this password in the future.
        :param str key_id: The unique identifier for the password.
        :param str start_datetime: The date and time at which the password becomes valid. The Timestamp type represents
             date and time information using ISO 8601 format and is always in UTC time.
             For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.
        :param str end_datetime:
        """
        super(PasswordCredential, self).__init__()
        self.displayName = display_name
        self.secretText = secret_text
        self.keyId = key_id
        self.startDateTime = start_datetime
        self.endDateTime = end_datetime

Parameters

Parameter Details

display_name: Optional friendly name for the password credential to help identify its purpose. Can be any descriptive string (e.g., 'Production API Key', 'Dev Environment Password'). Defaults to None if not provided.

secret_text: Read-only field containing the actual password value generated by Azure AD. This is a strong password between 16-64 characters in length. IMPORTANT: This value is only returned during the initial POST request when creating the password credential and cannot be retrieved later. Defaults to None.

key_id: The unique identifier (GUID) for this password credential. Used to reference this specific credential when updating or deleting it. Typically generated by Azure AD but can be provided. Defaults to None.

start_datetime: Optional ISO 8601 formatted datetime string (in UTC) indicating when the password becomes valid. Format example: '2014-01-01T00:00:00Z'. If not specified, the password is valid immediately. Defaults to None.

end_datetime: ISO 8601 formatted datetime string (in UTC) indicating when the password expires and is no longer valid. Format example: '2024-12-31T23:59:59Z'. Used to enforce credential rotation policies. Defaults to None.

Return Value

Instantiation returns a PasswordCredential object with the specified attributes set. The object inherits from ClientValue, which provides serialization capabilities for use with the Office365 REST API client. The instance contains five attributes (displayName, secretText, keyId, startDateTime, endDateTime) that can be accessed and modified after instantiation.

Class Interface

Methods

Attributes

Dependencies

• office365-runtime

Required Imports

from office365.runtime.client_value import ClientValue

Usage Example

from office365.runtime.client_value import ClientValue
from datetime import datetime, timedelta

# Create a new password credential for an application
password_cred = PasswordCredential(
    display_name="Production API Key",
    key_id="a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    start_datetime="2024-01-01T00:00:00Z",
    end_datetime="2025-01-01T00:00:00Z"
)

# Access attributes
print(password_cred.displayName)  # Output: Production API Key
print(password_cred.keyId)  # Output: a1b2c3d4-e5f6-7890-abcd-ef1234567890

# Typically used when adding credentials to an application
# application.add_password(password_cred)
# Note: secretText would be populated by Azure AD in the response

# Create a minimal credential (only required fields)
minimal_cred = PasswordCredential(
    display_name="Dev Environment Password"
)

# Modify attributes after instantiation
minimal_cred.endDateTime = "2024-06-30T23:59:59Z"

Best Practices

• SECURITY: The secretText field is only available immediately after creation via API. Store it securely when first received as it cannot be retrieved again.
• Always set an end_datetime to enforce credential rotation and follow security best practices. Credentials without expiration dates pose security risks.
• Use descriptive display_name values to easily identify credentials when managing multiple password credentials for an application.
• When creating credentials via API, the key_id is typically auto-generated by Azure AD. Only provide it if you need to specify a particular GUID.
• Use ISO 8601 format for datetime strings (YYYY-MM-DDTHH:MM:SSZ) and always specify times in UTC to avoid timezone confusion.
• This class is immutable after API submission - to update a credential, you must delete the old one and create a new one.
• Keep track of key_id values for credentials you create, as you'll need them to delete or reference specific credentials later.
• The class inherits from ClientValue, which provides automatic serialization for API requests. Don't manually serialize unless necessary.

Tags

Similar Components

AI-powered semantic similarity - components with related functionality:

• class KeyCredential 77.0% similar

  A data class representing a key credential associated with an application in Microsoft Graph API, containing certificate or key information used for authentication.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/key_credential.py

• class PasswordProfile 70.7% similar

  A data class representing a user's password profile in Microsoft Graph API, containing password and password change policy settings.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/users/password_profile.py

• class PasswordAuthenticationMethod 68.6% similar

  A class representing a user's password authentication method in Microsoft 365/Office 365 directory services. This class provides a secure abstraction for password management without exposing the actual password value.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/password.py

• class UserCredential 67.7% similar

  A simple data class that stores user authentication credentials consisting of a username and password.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/runtime/auth/user_credential.py

• class PasswordResetResponse 64.6% similar

  A data class that encapsulates the new system-generated password returned after a password reset operation in Azure AD.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/password_reset_response.py