diff --git a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
index d59a03f45bf58d2884285dd5b7574695f37cee12..0e306a5b359572c2e23bea0921b462f6173b2c7b 100644
--- a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
+++ b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
@@ -107,10 +107,10 @@ public function authenticate(Request $request) {
         // Don't allow login if the limit for this user has been reached.
         // Default is to allow 5 failed attempts every 6 hours.
         if ($this->flood->isAllowed('basic_auth.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
-          $uid = $this->userAuth->authenticateAccount($account, $password);
+          $uid = $this->userAuth->authenticate($username, $password);
           if ($uid) {
             $this->flood->clear('basic_auth.failed_login_user', $identifier);
-            return $account;
+            return $this->entityTypeManager->getStorage('user')->load($uid);
           }
           else {
             // Register a per-user failed login event.