The SMF login plugin has a php file that makes a half-hearted attempt at mimicking the interface to google's oauth library. It isn't the best thing, one place a change a global variable with an error, another place throws an exception. I can't remember at the moment why this is. The idea is that one could use existing plugins based on oauth (which may be what facebook uses?) and then just swap out this file and do a few lines of change code.
The alternative is learning enough about Wordpress, or any other CMS/forum to implement the hooks. SMF is a mess. It has a hook system that requires regexps changing out text etc. So perhaps one would be better just doing it on their own elsewhere without starting with an oauth library.
There is also Nathan's Proof of Concept source code that pretty much does everything although the flow of the code was confusing to me at first. It is minimal.
Looking at what you want to do ...
"createuser" has to be done in the logic of your code. You have a Bitshares account, but you create that inside the client. There is no concept of "logout" only "loginuser" which basically is being authenticated. So it doesn't even really login, it is only authenticating. "logout" would be handled by the web-service system.
This is how it works. You have to create the token with wallet_start_login (or somesuch) and put that in a button with bts:// protocol. So then user clicks on that button and it is routed to the local wallet. The local wallet does the crypto-magic and opens a page that goes back to the authentication URL that was passed in the url via the login button. So then your web-service processes that and decides whether they're logged in or not via another wallet call.