What are the issues with logout? Really the only difference between what you have done and what would happen with a federated_logon handler is that would be executed only during a logon request. (But of course that may be the issue--pretty hard to log out if the page refresh logs you back in!)
Anyway, the above script is the best example of a simplified federated_logon handler. Also, the individual handlers supplied are not so complicated if you ignore the OpenID_try_auth.php script. What that does is handle the communication for authentication. Your code replaces that. Google and Yahoo handle the whole transaction "off line" to Zenphoto, so there is no code other than making the connection. Verisign on the other hand only provides a "verification" so the handler has to show the verification result and allow for a redirect back to Zenphoto. What you need to do depends on how Facebook behaves.
It would appear that the difference in what you have already done and what is needed would be to handle the case where the user was not currently logged in to Facebook.