Merge pull request #104822 from ecfan/request-oauth-support

Add updates for enabling Azure AD OAuth support in Request triggers

Author: Court72

articles/connectors/connectors-native-reqres.md

@@ -5,7 +5,7 @@ services: logic-apps
 ms.suite: integration
 ms.reviewers: klam, logicappspm
 ms.topic: conceptual
-ms.date: 03/12/2020
+ms.date: 05/04/2020
 tags: connectors
 ---
 
@@ -17,11 +17,15 @@ With [Azure Logic Apps](../logic-apps/logic-apps-overview.md) and the built-in R
 * Trigger a workflow when an external webhook event happens.
 * Receive and respond to an HTTPS call from another logic app.
 
+The Request trigger supports [Azure Active Directory Open Authentication](../active-directory/develop/about-microsoft-identity-platform.md) (Azure AD OAuth) for authorizing inbound calls to your logic app. For more information about enabling this authentication, see [Secure access and data in Azure Logic Apps - Enable Azure AD OAuth authentication](../logic-apps/logic-apps-securing-a-logic-app.md#enable-oauth).
+
 > [!NOTE]
-> The Request trigger supports *only* Transport Layer Security (TLS) 1.2 for incoming calls. Outgoing calls 
-> continue to support TLS 1.0, 1.1, and 1.2. For more information, see [Solving the TLS 1.0 problem](https://docs.microsoft.com/security/solving-tls1-problem).
+> The Request trigger supports *only* Transport Layer Security (TLS) 1.2 for incoming calls. 
+> Outgoing calls support TLS 1.0, 1.1, and 1.2. For more information, see 
+> [Solving the TLS 1.0 problem](https://docs.microsoft.com/security/solving-tls1-problem).
 >
-> If you see TLS handshake errors, make sure that you use TLS 1.2. For incoming calls, here are the supported cipher suites:
+> If you get TLS handshake errors, make sure that you use TLS 1.2. 
+> For incoming calls, here are the supported cipher suites:
 >
 > * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 > * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@@ -42,7 +46,7 @@ With [Azure Logic Apps](../logic-apps/logic-apps-overview.md) and the built-in R
 
 ## Add Request trigger
 
-This built-in trigger creates a manually callable HTTPS endpoint that can receive *only* incoming HTTPS requests. When this event happens, the trigger fires and runs the logic app. For more information about the trigger's underlying JSON definition and how to call this trigger, see the [Request trigger type](../logic-apps/logic-apps-workflow-actions-triggers.md#request-trigger) and [Call, trigger, or nest workflows with HTTP endpoints in Azure Logic Apps](../logic-apps/logic-apps-http-endpoint.md).
+This built-in trigger creates a manually callable HTTPS endpoint that can receive *only* incoming HTTPS requests. When this event happens, the trigger fires and runs the logic app.
 
 1. Sign in to the [Azure portal](https://portal.azure.com). Create a blank logic app.
 
@@ -173,13 +177,17 @@ This built-in trigger creates a manually callable HTTPS endpoint that can receiv
 
    Your logic app keeps the incoming request open only for one minute. Assuming that your logic app workflow includes a Response action, if the logic app doesn't return a response after this time passes, your logic app returns a `504 GATEWAY TIMEOUT` to the caller. Otherwise, if your logic app doesn't include a Response action, your logic app immediately returns a `202 ACCEPTED` response to the caller.
 
-1. When you're done, save your logic app. On the designer toolbar, select **Save**. 
+1. When you're done, save your logic app. On the designer toolbar, select **Save**.
 
    This step generates the URL to use for sending the request that triggers the logic app. To copy this URL, select the copy icon next to the URL.
 
    ![URL to use triggering your logic app](./media/connectors-native-reqres/generated-url.png)
 
-1. To trigger your logic app, send an HTTP POST to the generated URL. For example, you can use a tool such as [Postman](https://www.getpostman.com/).
+1. To trigger your logic app, send an HTTP POST to the generated URL.
+
+   For example, you can use a tool such as [Postman](https://www.getpostman.com/) to send the HTTP POST. If you [enabled Azure Active Directory Open Authentication](../logic-apps/logic-apps-securing-a-logic-app.md#enable-oauth) (Azure AD OAuth) for authorizing inbound calls to the Request trigger, either call the trigger by using a [Shared Access Signature (SAS) URL](../logic-apps/logic-apps-securing-a-logic-app.md#sas) or by using an authentication token, but you can't use both. The authentication token must specify the `Bearer` type in the authorization header. For more information, see [Secure access and data in Azure Logic Apps - Access to request-based-triggers](../logic-apps/logic-apps-securing-a-logic-app.md#secure-triggers).
+
+For more information about the trigger's underlying JSON definition and how to call this trigger, see these topics, [Request trigger type](../logic-apps/logic-apps-workflow-actions-triggers.md#request-trigger) and [Call, trigger, or nest workflows with HTTP endpoints in Azure Logic Apps](../logic-apps/logic-apps-http-endpoint.md).
 
 ### Trigger outputs
 
@@ -255,4 +263,4 @@ Your logic app keeps the incoming request open only for one minute. Assuming tha
 
 ## Next steps
 
-* [Connectors for Logic Apps](../connectors/apis-list.md)
+* [Connectors for Logic Apps](../connectors/apis-list.md)

articles/connectors/media/connectors-native-reqres/select-request-trigger.png

@@ -5,7 +5,7 @@ services: logic-apps
 ms.suite: integration
 ms.reviewer: jonfan, logicappspm
 ms.topic: article
-ms.date: 04/17/2020
+ms.date: 05/04/2020
 ---
 
 # Limits and configuration information for Azure Logic Apps
@@ -32,7 +32,6 @@ Here are the limits for a single logic app definition:
 | Length of `description` | 256 characters | |
 | Maximum `parameters` | 50 | |
 | Maximum `outputs` | 10 | |
-||||
 
 <a name="run-duration-retention-limits"></a>
 
@@ -151,8 +150,8 @@ Some connector operations make asynchronous calls or listen for webhook requests
 
 | Name | Multi-tenant limit | Integration service environment limit | Notes |
 |------|--------------------|---------------------------------------|-------|
-| Message size | 100 MB | 200 MB | ISE-labeled connectors use the ISE limit, not their non-ISE connector limits. <p><p>To work around this limit, see [Handle large messages with chunking](../logic-apps/logic-apps-handle-large-messages.md). However, some connectors and APIs might not support chunking or even the default limit. |
-| Message size with chunking | 1 GB | 5 GB | This limit applies to actions that either natively support chunking or let you enable chunking in their runtime configuration. <p><p>For the integration service environment, the Logic Apps engine supports this limit, but connectors have their own chunking limits up to the engine limit, for example, see the [Azure Blob Storage connector's API reference](https://docs.microsoft.com/connectors/azureblob/). For more information about chunking, see [Handle large messages with chunking](../logic-apps/logic-apps-handle-large-messages.md). |
+| Message size | 100 MB | 200 MB | To work around this limit, see [Handle large messages with chunking](../logic-apps/logic-apps-handle-large-messages.md). However, some connectors and APIs might not support chunking or even the default limit. <p><p>- Connectors such as AS2, X12, and EDIFACT have their own [B2B message limits](#b2b-protocol-limits). <br>- ISE connectors use the ISE limit, not their non-ISE connector limits. |
+| Message size with chunking | 1 GB | 5 GB | This limit applies to actions that either natively support chunking or let you enable chunking in their runtime configuration. <p><p>If you're using an ISE, the Logic Apps engine supports this limit, but connectors have their own chunking limits up to the engine limit, for example, see the [Azure Blob Storage connector's API reference](https://docs.microsoft.com/connectors/azureblob/). For more information about chunking, see [Handle large messages with chunking](../logic-apps/logic-apps-handle-large-messages.md). |
 |||||
 
 #### Character limits
@@ -174,6 +173,18 @@ Some connector operations make asynchronous calls or listen for webhook requests
 | Retry min delay | 5 seconds | To change the default, use the [retry policy parameter](../logic-apps/logic-apps-workflow-actions-triggers.md). |
 ||||
 
+<a name="authentication-limits"></a>
+
+### Authentication limits
+
+Here are the limits for a logic app that starts with a Request trigger and enables [Azure Active Directory Open Authentication](../active-directory/develop/about-microsoft-identity-platform.md) (Azure AD OAuth) for authorizing inbound calls to the Request trigger:
+
+| Name | Limit | Notes |
+| ---- | ----- | ----- |
+| Azure AD authorization policies | 5 | |
+| Claims per authorization policy | 10 | |
+||||
+
 <a name="custom-connector-limits"></a>
 
 ## Custom connector limits