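/// <summary>
/// Decides whether a request passes XSRF (cross-site request forgery) validation.
/// </summary>
/// <remarks>
/// Validation is bypassed in two cases: when <paramref name="authMode"/> is
/// <c>AuthenticationMode.SkipXsrfValidation</c>, and when <paramref name="cookie"/> is null or
/// empty (the request is then treated as coming from a non-browser caller). In every other case
/// the XSRF token carried by <paramref name="accessToken"/> must equal <paramref name="xsrfToken"/>,
/// and <paramref name="xsrfToken"/> must be non-empty.
/// </remarks>
/// <param name="cookie">Cookie value supplied with the request; null or empty means no cookie.</param>
/// <param name="xsrfToken">XSRF token supplied with the request.</param>
/// <param name="accessToken">Access token whose XSRF token is the expected value.</param>
/// <param name="authMode">Authentication mode; may disable XSRF validation entirely.</param>
/// <returns><c>true</c> if the request is considered safe from XSRF; otherwise <c>false</c>.</returns>
private bool IsXsrfSafe( string cookie, string xsrfToken, IAccessToken accessToken, AuthenticationMode authMode ) {
    if( authMode == AuthenticationMode.SkipXsrfValidation ) {
        return true;
    }

    // NOTE(review): this bypass is only sound if `cookie` is the same value the caller used to
    // authenticate the request; confirm against the call site that a cookie-authenticated
    // request can never arrive here with an empty `cookie`.
    bool isBrowserUser = !string.IsNullOrEmpty( cookie );
    if( !isBrowserUser ) {
        return true;
    }

    // Read the expected token before inspecting the supplied one, as the original code did.
    string expectedToken = accessToken.GetXsrfToken();

    // An absent token on either side can never validate. This also keeps an access token with
    // an empty XSRF token from matching an empty submitted token.
    if( string.IsNullOrEmpty( xsrfToken ) || expectedToken == null ) {
        return false;
    }

    // Only the length is allowed to short-circuit; it is not the secret part of the token.
    if( expectedToken.Length != xsrfToken.Length ) {
        return false;
    }

    // Compare every character regardless of where the first mismatch is, so the time taken
    // does not reveal how long a matching prefix the submitted token has.
    int difference = 0;
    for( int i = 0; i < expectedToken.Length; i++ ) {
        difference |= expectedToken[i] ^ xsrfToken[i];
    }

    return difference == 0;
}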