Hey @MikeW,
I’m back from vacation and got to dig into this a bit this morning.
Rather than selecting SPA, I set “Public client/native (Mobile & Desktop)” as the type for Application Registration, then set the redirect URI. After that it just worked. Screenshot of the config page below.
This “Just Worked” after setting the OIDC endpoint & client ID in Central