Validate token in the webhook

[tachyons]

• The token was sent in the HTTP Authorization header with “Bearer” scheme
• The token is valid JSON that conforms to the JWT standard (see references)
• The token contains an issuer claim with value of https://api.botframework.com
• The token contains an audience claim with a value equivalent to your bot’s Microsoft App ID.
• The token has not yet expired. Industry-standard clock-skew is 5 minutes.
• The token has a valid cryptographic signature with a key listed in the OpenId keys document retrieved in step 1, above.

[FilBot3]

I would like to attempt to help out. Is there an IRC channel or Matrix group for this?

[tachyons]

@predatorian3 Thanks for your interest. We don't any such communication channel for now. We can make one if you are interested

[luispollo]

@tachyons I'm also wondering if we could make the connector configuration a little more flexible so you could use a token generated by Microsoft Teams for custom bots, without the need for an app ID and secret?
Reference: https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/custom-bot

[tachyons]

Sure, I do not have azure or Microsoft team account at this moment. So it may take some time PRs are welcome