Following the tutorials (including angular SPA code) gets everything working. One point of confusion, when I add a Microsoft provider to my B2C setup it prompts for consent after login because "profile" and "email" are added to the scopes somewhere even though I only specify "openid" in scopes in the angular spa tutorial. I'm just trying to get simple auth from the providers and let B2C handle everything else.
Saw that I could control this better with custom profiles and the "profile" scope was necessary to get the issuerUseId claim to support the CreateAlternativeSecurityId claims transformation in AAD B2C.