Universal Login does not work without custom domain as stated

The documentation says we can avoid 3rd party cookies when we use the Universal Login, but this has not been the case for us while having to support multiple audiences.
Just to confirm, would this work when you’re only calling getTokenSilently on the same audience that was specified during authentication? or it’s supposed to work anyways for all audiences?