Following the examples about csrf token validation in controllers in symfony i found always examples with form.csrf_provider. But this is deprecated since version 2.4 and i didn’t found any example for the new implementation until i stumbled after long crawling on a description of what’s new in symfony 2.6. And as in most cases, it’s dead simple:

Previous Symfony versions

use Symfony\Component\Security\Csrf\CsrfToken;

$this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN'))

Symfony 2.6

$this->isCsrfTokenValid('token_id', 'TOKEN');

Image: „CodeIgniter Code II“ (CC BY 2.0) by  Kovah.de