8 – How to Logout user with Basic auth?

I can log in, perfectly fine, but can’t get logout to give me a JSON response. Currently, I can only do POST to

d8.com/user/logout?csrf_token=123&?_format=json 

and that would log out, even though the token 123 is not the same as the given csrf-token at login or the logout token. This doesn’t work without the token query, even though cookie/session isn’t enabled anywhere

(“message”: “‘csrf_token’ URL query argument is missing.”).

The logout happens when hitting a 403 forbidden on that URL.

Other info:
csrf_token=123 is the actual query, doesn’t need to be csrf-token or the log out token is given at login
Version: 8.5.3
The only basic_auth turned ON, at all endpoints.