Any reasons for doing this? This is not how it is supposed to be. REST should answer with Status 401, and optionally  with methods available. And web application when gets 401, it knows that it has to authorize the user, and shows its own page or initiates SSO, depending on the task.

Anyway, if really do this way, It looks like %CSP.REST extends %CSP.Login, and it has Method Login

Called for a REST page in the event of a login being required

Did not test it, but I would expect it will do what requested