I am currently trying to integration Microsoft Teams and ServiceNow. I was able to send an HTTP Request to teams and create a connector card (through incoming web hook connector). This card has an actionable message that will perform the HttpPOST back to ServiceNow's processor path. In this processor, I was able to get the authorization header that contains the bearer token which as i understand is a JWT token. So below are my questions:
1) For security purposes, should I be verifying this JWT token? I tried to do this be it looks like I need a shared secret from MS Teams which I do not have. 2) Am i going about this correctly? Maybe i need to set up a bot in MS Teams that provides client ID and Secret and set up an OAuth in ServiceNow instead?
I really appreciate your inputs!