I have my SPA (Angular) setup exactly as described here. Also as described by the OP I do not have a custom domain.
I am still seeing third party cookies set and the login flow fails if I configure my browser to block third party cookies. The cookies in yellow below are getting blocked (it’s not clear to me why the others aren’t also blocked):
Is this setup possible without third party cookies?