There are multiple ways you can achieve this, the most direct one is using cookies. 

You need to set up a service to create and validate authentication tokens, (this can be done completely outside of the Odoo ecosystem (any SSO, Certificates, etc)

When you connect to Odoo, you must have a method that reads the token, or certificate and returns a cookie that stores the session in the browser.

The connection to the Odoo application is always done in HTTPS.

You can only do this if you have access to the base code, and remember that by changing authentication rules, you are bypassing default security, and limiting the security of the application at your own risk. 

Thanks @Niyas, but that is also not what I want. Your solution would work for api actions, but I want to have a genuine browser session just as if I logged in with username and password. 

Hi,

Using the /web/session/authenticate API end point, you can authenticate the user credentials, once this authentication is done, you will receive a session_id, which can be used as a authenticated token/session_id for the further API calls.

So doing the authentication for once, and then using this session_id you can call further API's.

Have a look at this video explaining the same in detail:  https://www.youtube.com/watch?v=wGvuRbCyytk

Thanks

​@http.route('/web/list/product', csrf=False, type='json', auth="none", methods=["POST"])
def list_product(self, categ_id):
return request.env['product.template'].search([('categ_id', '=', categ_id)])

You can use auth='none' to access directly without requiring a username and password. Please follow the example.