
class StsPolicy

Maturity: 52

StsPolicy is an abstract base class representing policy types that control Microsoft identity platform behavior, extending PolicyBase with specific functionality for managing policy application to directory objects.

File: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/sts.py
Lines: 6 - 25
Complexity: moderate

Purpose

This class serves as a base type for Security Token Service (STS) policies in Microsoft Graph API integration. It provides access to directory objects that a policy applies to, enabling management of identity platform policies such as token lifetime policies, claims mapping policies, and other STS-related configurations. The class abstracts common functionality for policy types that need to track which directory objects (users, groups, service principals) they apply to.

Source Code

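from office365.directory.object_collection import DirectoryObjectCollection
from office365.directory.policies.base import PolicyBase
from office365.runtime.paths.resource_path import ResourcePath


class StsPolicy(PolicyBase):
    """Represents an abstract base type for policy types that control Microsoft identity platform behavior."""

    @property
    def applies_to(self):
        """Directory objects (users, groups, service principals) that this policy applies to."""
        # Return the already-loaded value if present; otherwise a collection
        # bound to the "appliesTo" path under this policy's resource path.
        return self.properties.get(
            "appliesTo",
            DirectoryObjectCollection(
                self.context, ResourcePath("appliesTo", self.resource_path)
            ),
        )

    def get_property(self, name, default_value=None):
        # With no caller-supplied default, resolve known names through the mapping.
        if default_value is None:
            property_mapping = {
                "appliesTo": self.applies_to,
            }
            default_value = property_mapping.get(name, None)
        return super(StsPolicy, self).get_property(name, default_value)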

Parameters

Name Type Default Kind
bases PolicyBase -

Parameter Details

context: The client context object required for making API calls to Microsoft Graph, inherited from PolicyBase. This provides authentication and connection details.

resource_path: The resource path identifying this policy in the Microsoft Graph API hierarchy, inherited from PolicyBase. Used to construct API endpoints for operations on this policy.

Return Value

Instantiation returns an StsPolicy object that represents a Microsoft identity platform policy. The applies_to property returns a DirectoryObjectCollection containing all directory objects (users, groups, service principals, etc.) that this policy applies to. The get_property method returns the value of a specified property, with special handling for 'appliesTo' to return the DirectoryObjectCollection.

Class Interface

Methods

@property applies_to(self) -> DirectoryObjectCollection

Purpose: Retrieves the collection of directory objects (users, groups, service principals) that this STS policy applies to

Returns: DirectoryObjectCollection containing all directory objects associated with this policy. The collection is lazy-loaded and requires execute_query() to fetch data.

get_property(self, name: str, default_value=None) -> Any

Purpose: Retrieves a property value by name with special handling for policy-specific properties like 'appliesTo', falling back to parent class implementation for other properties

Parameters:

  • name: The name of the property to retrieve (e.g., 'appliesTo')
  • default_value: Optional default value to return if property is not found. If None, uses internal property mapping for known properties.

Returns: The value of the requested property. For 'appliesTo', returns DirectoryObjectCollection. For other properties, returns value from parent PolicyBase class or the provided default_value.

Attributes

| Name | Type | Description | Scope |
|------|------|-------------|-------|
| context | ClientContext | The client context for API operations, inherited from PolicyBase. Provides authentication and connection details for Microsoft Graph API calls. | instance |
| resource_path | ResourcePath | The resource path identifying this policy in the API hierarchy, inherited from PolicyBase. Used to construct API endpoints. | instance |
| properties | dict | Dictionary storing the policy's properties and values, inherited from PolicyBase. Contains raw data retrieved from the API. | instance |

Dependencies

  • office365

Required Imports

from office365.directory.object_collection import DirectoryObjectCollection
from office365.directory.policies.base import PolicyBase
from office365.runtime.paths.resource_path import ResourcePath

Usage Example

# Note: StsPolicy is an abstract base class, typically used through concrete implementations.
# The example shows a conceptual usage pattern.

import os

from office365.graph_client import GraphClient
from office365.directory.policies.sts import StsPolicy

# Initialize Graph client with credentials.
# Values are read from the environment instead of being hardcoded in source;
# the environment variable names are illustrative.
client = GraphClient.with_client_credentials(
    tenant_id=os.environ['AZURE_TENANT_ID'],
    client_id=os.environ['AZURE_CLIENT_ID'],
    client_secret=os.environ['AZURE_CLIENT_SECRET']
)

# Retrieve an STS policy (concrete implementation)
policy = client.policies.token_lifetime_policies.get_by_id('policy-id')

# Access the directory objects this policy applies to
# (the collection is lazy-loaded; execute_query() performs the request)
applies_to_collection = policy.applies_to
applies_to_collection.get().execute_query()

# Iterate through objects the policy applies to
for directory_object in applies_to_collection:
    print(f"Policy applies to: {directory_object.id}")

# Use get_property method to retrieve properties
applies_to = policy.get_property('appliesTo')
print(f"Number of objects: {len(applies_to)}")
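
An added example, not part of the office365 library or the original page: once applies_to has been loaded for each policy, the result can be compared with a reviewed baseline to spot assignment drift. The payloads, ids and the APPROVED baseline are constructed, and the payload shape (a `value` list of objects carrying `@odata.type` and `id`) is assumed to mirror a Graph appliesTo response.

```python
from collections import defaultdict

# Constructed sample data: Graph-style `appliesTo` payloads keyed by policy id.
# All ids are made up for illustration.
APPLIES_TO = {
    "policy-token-lifetime": {"value": [
        {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp-001"},
        {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp-002"},
        {"@odata.type": "#microsoft.graph.application", "id": "app-009"},
    ]},
    "policy-claims-mapping": {"value": [
        {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp-001"},
    ]},
}

# Constructed baseline: the assignments that were reviewed and approved.
APPROVED = {
    "policy-token-lifetime": {"sp-001", "sp-002"},
    "policy-claims-mapping": {"sp-001", "sp-007"},
}


def short_type(obj):
    """'#microsoft.graph.servicePrincipal' -> 'servicePrincipal'."""
    odata_type = obj.get("@odata.type", "#microsoft.graph.directoryObject")
    return odata_type.rsplit(".", 1)[-1]


def audit_assignments(applies_to, approved):
    """Compare live policy assignments with the approved baseline."""
    report = {}
    for policy_id in sorted(set(applies_to) | set(approved)):
        objects = applies_to.get(policy_id, {}).get("value", [])
        by_type = defaultdict(list)
        for obj in objects:
            by_type[short_type(obj)].append(obj["id"])
        live = {obj["id"] for obj in objects}
        baseline = approved.get(policy_id, set())
        report[policy_id] = {
            "by_type": {t: sorted(ids) for t, ids in by_type.items()},
            "unapproved": sorted(live - baseline),  # assigned but never reviewed
            "missing": sorted(baseline - live),     # approved but no longer assigned
        }
    return report


if __name__ == "__main__":
    for policy_id, findings in audit_assignments(APPLIES_TO, APPROVED).items():
        print(policy_id, findings)
```
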

Best Practices

  • This is an abstract base class and should not be instantiated directly. Use concrete policy implementations like TokenLifetimePolicy or ClaimsMappingPolicy.
  • Always ensure proper authentication context is established before accessing policy properties.
  • The applies_to property returns a lazy-loaded collection. Call execute_query() to fetch actual data from the API.
  • Use get_property() method for consistent property access that handles both standard and custom properties.
  • Cache the applies_to collection if you need to access it multiple times to avoid redundant API calls.
  • Handle API exceptions when accessing applies_to as network or permission issues may occur.
  • Ensure your application has sufficient Microsoft Graph API permissions (Policy.Read.All or Policy.ReadWrite.All) to access policy data.
  • The class inherits from PolicyBase, so all PolicyBase methods and properties are available.
  • Property mappings in get_property() provide a centralized way to handle property resolution and should be extended in subclasses as needed.

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class PolicyBase 73.5% similar

    PolicyBase is an abstract base class that represents a policy object in a directory service, providing common functionality for policy types to inherit from.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/base.py
  • class STSProfile 69.5% similar

    STSProfile is a configuration class that manages Security Token Service (STS) profile settings for Microsoft Online authentication, including URLs, timestamps, and service endpoints.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/runtime/auth/sts_profile.py
  • class TokenIssuancePolicy 64.2% similar

    A policy class that defines characteristics of SAML tokens issued by Azure AD, including signing options, algorithms, and token versions.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/token_issuance.py
  • class AuthorizationPolicy 60.9% similar

    A singleton class representing Azure Active Directory authorization policy settings that control tenant-level authorization behaviors.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authorization.py
  • class TenantAppManagementPolicy 59.8% similar

    A class representing a tenant-wide application authentication method policy that enforces app management restrictions for all applications and service principals in Microsoft 365/Azure AD.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/tenant_app_management.py