Check out xooauth, configuring identity providers, and its usage with LTI services. This is integrated with the OpenACS identity management, including API (such as auth::require_login, logout etc.) and Web interface.
There is as well a presentation of Sebastian Scheder at the recent OpenACS conference.