private function _validateCsrfToken() { $actualToken = (string) $this->getRequestParams()->getParamValue('csrf_token'); $expectedToken = (string) $this->_oauth2Environment->getCsrfSecret(); if ($actualToken !== $expectedToken) { $this->bail('Invalid csrf_token. Possible CSRF attack.'); } }