Validates a Bot Service or Entra ID Bearer token.
Throws BotAuthError if the token is missing, malformed, or fails validation.
Supports tokens from both the Bot Service channel service and Azure AD/Entra ID.
The correct OpenID configuration is selected dynamically by inspecting the token's
iss claim before full validation (see specs/inbound-auth.md).
Parameters
authHeader: string|undefined
The Authorization header value (e.g. "Bearer <token>")
OptionalappId: string
The bot's client ID (audience). Falls back to CLIENT_ID env var.
Validates a Bot Service or Entra ID Bearer token. Throws BotAuthError if the token is missing, malformed, or fails validation.
Supports tokens from both the Bot Service channel service and Azure AD/Entra ID. The correct OpenID configuration is selected dynamically by inspecting the token's
issclaim before full validation (see specs/inbound-auth.md).