OAuth, CAS, SAML, and OpenID are some protocols that address this situation. Usually it's pretty easy to deploy libraries that implement those.
Most suggestions would be re-implementing those flows :)
The "Server Flow" section in Google's OAuth2 authentication guide is an example of how the 3 entities (browser, website, authenticator) exchange tokens:
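As an added illustration (not part of the original answer and not code from Google's guide), here is an offline simulation of the authorization-code exchange between the three entities, with the browser represented by the URLs passed between the website and the authenticator. The class names, client credentials, URLs and user are constructed placeholders, and a real deployment would use an existing OAuth library.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values: client id/secret, URLs and user are placeholders.
CLIENT = ("site-123", "s3cret", "https://site.example/cb")

class Authenticator:
    """Authorization server: issues one-time codes, swaps them for tokens."""
    def __init__(self):
        self.codes = {}  # code -> user who approved it

    def authorize(self, url, user):
        """Front channel: user has logged in and consented; build the redirect."""
        q = parse_qs(urlparse(url).query)
        if (q["client_id"][0], q["redirect_uri"][0]) != (CLIENT[0], CLIENT[2]):
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = user
        return CLIENT[2] + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, code, client_id, client_secret, redirect_uri):
        """Back channel: website calls directly, the browser never sees this."""
        if (client_id, client_secret, redirect_uri) != CLIENT:
            raise PermissionError("client authentication failed")
        user = self.codes.pop(code, None)  # codes are single use
        if user is None:
            raise PermissionError("invalid or replayed code")
        return {"access_token": secrets.token_urlsafe(16), "user": user}

class Website:
    def __init__(self, idp):
        self.idp, self.pending = idp, {}  # pending: session id -> state

    def login_url(self, session):
        state = self.pending[session] = secrets.token_urlsafe(16)
        return "https://auth.example/authorize?" + urlencode({"response_type": "code",
            "client_id": CLIENT[0], "redirect_uri": CLIENT[2], "state": state})

    def callback(self, session, url):
        q = parse_qs(urlparse(url).query)
        expected = self.pending.pop(session, None)
        if expected is None or not secrets.compare_digest(expected, q["state"][0]):
            raise PermissionError("state mismatch: response not tied to this session")
        return self.idp.token(q["code"][0], *CLIENT)

def run_flow():
    site = Website(Authenticator())
    redirect = site.idp.authorize(site.login_url("sess-A"), user="alice")
    return site, redirect, site.callback("sess-A", redirect)
```

Only the short-lived code and the `state` value travel through the browser; the client secret and the access token stay on the website-to-authenticator back channel.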