private function _validateCsrfToken()
{
$actualToken = (string) $this->getRequestParams()->getParamValue('csrf_token');
$expectedToken = (string) $this->_oauth2Environment->getCsrfSecret();
if ($actualToken !== $expectedToken) {
$this->bail('Invalid csrf_token. Possible CSRF attack.');
}
}
