Here you state:
When authentication requests are made from your application (via the Lock widget or a custom login form) to Auth0, the user’s credentials are sent to a domain which differs from the one that serves your application. Collecting user credentials in an application served from one origin and then sending them to another origin
And also this
Auth0 provides a cross-origin authentication flow which makes use of third-party cookies. The use of third-party cookies allows Lock and Auth0’s backend to perform the necessary checks to allow for secure authentication transactions across different origins.
So again - running on Custom domains where the root domain (in this example .MyDomain.com) is same in both case - is still considered as third-party cookie?
Thanks for deeper explanation!