🔍 Code Extractor

class CertificateBasedAuthConfiguration

Maturity: 62

Represents Azure Active Directory certificate-based authentication configuration for Exchange Online accounts, managing trusted certificate authorities for client certificate authentication.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/certificates/auth_configuration.py
Lines:
6 - 28
Complexity:
moderate

Purpose

This class provides an interface to manage certificate-based authentication configuration in Azure Active Directory. It enables authentication using client certificates on Windows, Android, and iOS devices for Exchange Online accounts, eliminating the need for username/password combinations in Microsoft mobile applications (Outlook, Word) and Exchange ActiveSync clients. The class manages a collection of certificate authorities that establish a trusted certificate chain for client authentication.

Source Code

class CertificateBasedAuthConfiguration(Entity):
    """
    Certificate-based authentication enables you to be authenticated by Azure Active Directory with a client certificate
    on a Windows, Android, or iOS device when connecting your Exchange Online account to:

       - Microsoft mobile applications such as Outlook and Word
       - Exchange ActiveSync (EAS) clients

    Configuring this feature eliminates the need to enter a username and password combination into certain mail and
    Microsoft Office applications on your mobile device.
    Certificate-based authentication configuration is provided through a collection of certificate authorities.
    The certificate authorities are used to establish a trusted certificate chain which enables clients to
    be authenticated by Azure Active Directory with a client certificate.
    """

    @property
    def certificate_authorities(self):
        """
        Collection of certificate authorities which creates a trusted certificate chain.
        """
        return self.properties.get(
            "certificateAuthorities", ClientValueCollection(CertificateAuthority)
        )

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

__init__: Inherits constructor from Entity base class. No explicit constructor parameters are defined in this class. Initialization follows the Entity class pattern, which typically accepts entity data from the Microsoft Graph API.

Return Value

Instantiation returns a CertificateBasedAuthConfiguration object that represents a certificate-based authentication configuration entity. The certificate_authorities property returns a ClientValueCollection containing CertificateAuthority objects, representing the collection of certificate authorities used to establish the trusted certificate chain.

Class Interface

Methods

@property certificate_authorities(self) -> ClientValueCollection[CertificateAuthority] property

Purpose: Retrieves the collection of certificate authorities that establish a trusted certificate chain for client authentication

Returns: ClientValueCollection containing CertificateAuthority objects. Returns an empty collection if no certificate authorities are configured.

Attributes

Name Type Description Scope
properties dict Inherited from Entity base class. Stores the entity's properties including certificateAuthorities data retrieved from Microsoft Graph API instance

Dependencies

  • office365.directory.certificates.authority
  • office365.entity
  • office365.runtime.client_value_collection

Required Imports

from office365.directory.certificates.authority import CertificateAuthority
from office365.entity import Entity
from office365.runtime.client_value_collection import ClientValueCollection

Usage Example

from office365.directory.certificates.certificate_based_auth_configuration import CertificateBasedAuthConfiguration
from office365.graph_client import GraphClient

# Authenticate with Microsoft Graph
client = GraphClient.with_credentials(tenant_id, client_id, client_secret)

# Get certificate-based auth configuration
auth_config = client.organization.certificate_based_auth_configuration.get().execute_query()

# Access certificate authorities
cert_authorities = auth_config.certificate_authorities
for authority in cert_authorities:
    print(f"Certificate Authority: {authority}")

# The configuration is typically read from Azure AD
# Modifications would be done through the Microsoft Graph API

Best Practices

  • This class is typically instantiated by the Microsoft Graph API client library, not directly by user code
  • Access certificate authorities through the certificate_authorities property rather than directly manipulating the properties dictionary
  • The class inherits from Entity, so it follows the Entity lifecycle pattern including lazy loading of properties
  • Certificate authorities are returned as a ClientValueCollection, which may require calling execute_query() to populate data from the API
  • Ensure proper Microsoft Graph API permissions (Policy.Read.All or Policy.ReadWrite.AuthenticationMethod) are granted before accessing this configuration
  • The certificate_authorities property uses lazy initialization - it retrieves from properties dictionary or returns an empty ClientValueCollection
  • This is a read-heavy entity; modifications to certificate-based authentication should be done through appropriate Microsoft Graph API endpoints
  • Always handle potential None values when accessing properties, as data may not be loaded until an API query is executed

Tags

azure-active-directory certificate-authentication exchange-online microsoft-graph authentication security certificate-authority mobile-authentication entity

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class ClientCertificateAuthentication 63.4% similar

    A class representing Pkcs12-based client certificate authentication configuration, derived from ApiAuthenticationConfigurationBase, used to manage and retrieve public properties of uploaded certificates.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/client_certificate.py

  • class CertificateAuthority 58.4% similar

    A data class representing a certificate authority with its associated properties such as certificate, revocation list URL, and issuer information.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/certificates/authority.py

  • class AuthenticationContext 58.0% similar

    AuthenticationContext manages authentication for SharePoint Online and OneDrive For Business, supporting multiple authentication methods including certificate-based, interactive, device flow, user credentials, and client credentials.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/runtime/auth/authentication_context.py

  • class Authentication_v1 56.3% similar

    Exposes relationships that represent the authentication methods supported by Azure AD and that can configured for users.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/authentication.py

  • class ApiAuthenticationConfigurationBase 56.0% similar

    Base class for holding authentication configuration information when calling APIs, serving as a parent class for various authentication types.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/configuration_base.py
← Back to Browse