I am creating a set of API endpoints for a mobile app using Rest. For User authentication, I am using the default API endpoints supplied by Drupal. That would be
/user/logout?_format=json&token=<logout_token obtained from login api response.>
I wanted to remove the _format=json from the URL parameter and so I created a custom route with the existing controller just for this purpose. However, I am getting an error.
"'csrf_token' URL query argument is invalid
I am not able to figure out how to remove this error. I had added a csrf_token as an additional parameter with the one I got from successful login. It seems however that the csrf token being validated against is generated somewhere else.
I can remove this error by removing the csrf token entry from the routing file entry but that would be a security violation. How do we fix this error or is there a better way to handle the user logout api endpoint.