
class AuthenticationMethod

Maturity: 55

Represents an authentication method registered to a user in Azure Active Directory, providing functionality to manage authentication credentials such as passwords, phone numbers, and FIDO2 security keys.

File: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/method.py
Lines: 9 - 42
Complexity: moderate

Purpose

This class models authentication methods used by users to prove their identity in Azure Active Directory. It extends the Entity base class and provides administrative operations for managing authentication methods, particularly password reset functionality. The class is designed for use by administrators with appropriate permissions to manage user authentication methods, including resetting passwords with options for hybrid (cloud + on-premises) scenarios and enforcing password changes on next sign-in.

Source Code

class AuthenticationMethod(Entity):
    """Represents an authentication method registered to a user. An authentication method is something used by a user
    to authenticate or otherwise prove their identity to the system. Some examples include password,
    phone (usable via SMS or voice call), FIDO2 security keys, and more."""

    def reset_password(self, new_password, require_change_on_next_signin):
        """
        Reset a user's password, represented by a password authentication method object. This can only be done by an
        administrator with appropriate permissions and cannot be performed on a user's own account.

        This flow writes the new password to Azure Active Directory and pushes it to on-premises Active Directory
        if configured using password writeback. The admin can either provide a new password or have the system
        generate one. The user is prompted to change their password on their next sign in.

        This reset is a long-running operation and will return a Location header with a link where the caller
        can periodically check for the status of the reset operation.

        :param str new_password: The new password. Required for tenants with hybrid password scenarios.
            If omitted for a cloud-only password, the system returns a system-generated password. This is a unicode
            string with no other encoding. It is validated against the tenant's banned password system before
            acceptance, and must adhere to the tenant's cloud and/or on-premises password requirements.
        :param bool require_change_on_next_signin: Specifies whether the user must change their password at
            their next sign in.
        """
        return_type = ClientResult(self.context, PasswordResetResponse())
        payload = {
            "newPassword": new_password,
            "requireChangeOnNextSignIn": require_change_on_next_signin,
        }
        qry = ServiceOperationQuery(
            self, "resetPassword", None, payload, None, return_type
        )
        self.context.add_query(qry)
        return return_type

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

bases: Inherits from Entity class, which provides base functionality for Microsoft Graph API entities including context management and query execution capabilities

Return Value

Instantiation returns an AuthenticationMethod object representing a specific authentication method for a user. The reset_password method returns a ClientResult object containing a PasswordResetResponse, which includes details about the password reset operation and a Location header for tracking the long-running operation status.

Class Interface

Methods

reset_password(new_password: str, require_change_on_next_signin: bool) -> ClientResult

Purpose: Resets a user's password as an administrator, with support for both cloud-only and hybrid Active Directory scenarios. This is a long-running operation that writes to Azure AD and optionally syncs to on-premises AD.

Parameters:

  • new_password: The new password to set. Required for hybrid password scenarios (cloud + on-premises AD). Can be None for cloud-only scenarios to have the system generate a password. Must be a unicode string that complies with tenant password policies including banned password checks and complexity requirements.
  • require_change_on_next_signin: Boolean flag specifying whether the user must change their password at their next sign-in. Recommended to set to True for administrative password resets.

Returns: ClientResult object containing a PasswordResetResponse. The response includes a Location header with a URL to poll for the status of the long-running reset operation. Access the response via result.value after calling context.execute_query().

Attributes

Name | Type | Description | Scope
context | ClientContext | The Microsoft Graph API client context inherited from Entity base class, used for executing queries and managing authentication | instance

Dependencies

  • office365

Required Imports

from office365.directory.authentication.password_reset_response import PasswordResetResponse
from office365.entity import Entity
from office365.runtime.client_result import ClientResult
from office365.runtime.queries.service_operation import ServiceOperationQuery

Usage Example

# Assuming you have an authenticated context and user object
# Module path follows the file location listed above (.../authentication/methods/method.py)
from office365.directory.authentication.methods.method import AuthenticationMethod

# Get authentication method for a user (typically retrieved from user object)
auth_method = user.authentication.methods.get_by_id('password_method_id')

# Reset password as administrator
result = auth_method.reset_password(
    new_password='NewSecureP@ssw0rd!',
    require_change_on_next_signin=True
)

# Execute the query
context.execute_query()

# Access the reset response
reset_response = result.value
print(f"Password reset status: {reset_response}")

# For cloud-only scenarios, let system generate password
result = auth_method.reset_password(
    new_password=None,
    require_change_on_next_signin=True
)
context.execute_query()
# result.value now holds the PasswordResetResponse returned for the system-generated password

Best Practices

  • Only administrators with appropriate permissions can use the reset_password method; attempting to reset your own password will fail
  • The reset_password operation is long-running; use the Location header from the response to poll for operation status
  • For hybrid password scenarios (cloud + on-premises AD), the new_password parameter is required
  • For cloud-only scenarios, you can omit new_password to have the system generate a secure password
  • Always call context.execute_query() after invoking reset_password to actually execute the operation
  • The new password must comply with the tenant's password policy including banned password checks and complexity requirements
  • Consider setting require_change_on_next_signin=True for security best practices when resetting passwords administratively
  • The password is validated against both cloud and on-premises password requirements in hybrid scenarios
  • Store the ClientResult object to access the PasswordResetResponse after query execution
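
The hybrid and cloud-only rules above, combined into one reset helper that always forces a change at next sign-in and keeps the secret out of its audit record. This is an added example, not code from the office365 library or from this page: generate_temp_password, admin_reset, the 16-character length, the symbol set and the FakeContext/FakeMethod stand-ins are assumptions constructed so it runs offline.

```python
import secrets
import string

# Character classes for the temporary password; the symbol set and the
# 16-character default are assumptions, not values from any tenant policy.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_=+")


def generate_temp_password(length=16):
    """Return a CSPRNG-generated password with at least one char per class."""
    if length < len(_CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(cls) for cls in _CLASSES]
    chars += [secrets.choice("".join(_CLASSES)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def admin_reset(auth_method, context, hybrid):
    """Queue and execute reset_password; return (result, secret, audit).

    hybrid=True: new_password is required, so one is generated locally.
    hybrid=False: None is sent so the service generates the password.
    """
    new_password = generate_temp_password() if hybrid else None
    result = auth_method.reset_password(new_password, True)  # always force change
    context.execute_query()
    # The audit record records what was requested and never the secret itself.
    audit = {"hybrid": hybrid, "client_generated": new_password is not None,
             "require_change_on_next_signin": True}
    return result, new_password, audit


# Constructed stand-ins so the example runs offline (not library classes).
class FakeContext:
    def __init__(self):
        self.executed = 0

    def execute_query(self):
        self.executed += 1


class FakeMethod:
    def reset_password(self, new_password, require_change_on_next_signin):
        self.payload = {"newPassword": new_password,
                        "requireChangeOnNextSignIn": require_change_on_next_signin}
        return self.payload
```

With the real library, pass the AuthenticationMethod object and its client context in place of the stand-ins; hand the returned secret to the user over a separate channel and log only the audit dict.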

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class PasswordAuthenticationMethod 82.1% similar

    A class representing a user's password authentication method in Microsoft 365/Office 365 directory services. This class provides a secure abstraction for password management without exposing the actual password value.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/password.py
  • class AuthenticationMethodsPolicy 78.8% similar

    A class representing Azure Active Directory authentication methods policy that defines which authentication methods users can use for sign-in and multi-factor authentication (MFA).

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_methods.py
  • class AuthenticationMethodsRoot 75.7% similar

    A container class for navigating and accessing Azure AD authentication methods resources, providing access to user registration details and authentication method statistics.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/root.py
  • class Fido2AuthenticationMethod 74.5% similar

    A class representing a FIDO2 security key authentication method registered to a user in Microsoft 365/Azure AD.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/fido.py
  • class EmailAuthenticationMethod 71.7% similar

    Represents an email address registered to a user as an authentication method, specifically for self-service password reset (SSPR) functionality.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/email.py