I am trying to login using token-based Auth, because we are using Odoo-web module in mobile-app.

currently using GET-method url-passing approach which is "UNSECURE" on websites without SSL certificates and localhost-websites, as

myurl.com?username=foo&password=bar

How can I do that using Token based approach or passing credentials in POST-method, in Odoo-12?

Edit 1:

I found this authenticate() method in core-modules of odoo in http-controllers file and I am calling that only now, as:

request.session(db, username, password)

but I wanted it to be token based without hardcoding password as different passwords for different partners, which I can't hardcode and it's bad approach.

how can I do it by passing token and validating it?

You can use the authenticate endpoint provided by odoo to create a session for your api user. In the following requests you then use the session id to process operations.

Example call to /web/session/authenticate with body:

{
  "jsonrpc": "2.0",
  "method": "call",
  "id": 1,
  "params": {
    "db": "<YOUR-DB>",
    "login": "<YOUR@LOGIN.COM>",
    "password": "<YOUR-PASSWORD>"
  }
}

You can find a description of the endpoints in https://github.com/odoo/odoo/blob/12.0/odoo/http.py