I'm using Moodle as an authentication backend for a Python-flask service I'm building. The basic gist is:
1. User provides service with Moodle username
2. User provides service with Moodle password
3. Service calls 'GET https://www.yourmoodle.com/login/token.php?username=user&password=pass&service=yourwsservice'
4. That call will either return a token if the username:password:service combo is valid or an error<
5. If you get a token, let user log in to service, otherwise, give bad username:password error
This works pretty well for basic moodle-as-an-auth-database type applications.
The backend Moodle WS API code is at https://github.com/asayler/moodle-ws-python/blob/master/ws.py.
The code for the service using Moodle as the backend auth provider is at: https://github.com/asayler/CU-Online-Grading/blob/master/cogs/authmod_moodle.py.
I'm not sure about doing SSO or Federated Identity through, which sounds like what you'd need to automatically log in users who have already logged into Moodle. Maybe Moodle can act as an OpenID provider?