[1_player]

What's an example of a site that needs third-party cookies to work? If it breaks because it can't load Google Analytics, that's a website bug.

[9dev]

Authentication on www.example.com from auth.example.net, would be a common issue, for one.

Edit: fixed the domain to actually make the point I was trying to make.

[IMTDb]

The root domain example.com is still the same here.

[9dev]

Heh. You’re absolutely right, I misspelt the domain. Point being, sometimes you have different domains that belong to the same entity and you need to bridge them; this seems strange to small companies, but happens quite often in enterprise.

[Brybry]

Blizzard's Battle.net does, or at least did at one point.

In 2020 my friend couldn't add a new credit card to his account because browsers updated their same-site cookie behavior.

They were setting their JSESSIONID cookie wrong when doing oauth behind-the-scenes which caused a nice 302 redirect loop. For whatever reason the API calls required both *.battle.net and account.blizzard.com.

[ratww]

Microsoft Teams and some Atlassian products also fail when third-party cookies are disabled.

You have to activate them for the login but you can deactivate afterwards.

[erinnh]

Until early this year, anything by Atlassian broke without third-party cookies because of how they did their SSO.

They finally fixed it this year. Made it impossible for me to login on my Firefox browser.

Sony Playstation website also broke until like three years ago with third-party cookies disabled.

[gostsamo]

sso, I think. you cannot authenticate with a Google, FB, or Apple account.

[algesten]

That's not how that works. One common way here is OAuth2 which includes a callback URL such as:

https://internal.yourcompany.com/oauth2/callback?token…

That token in the callback does not require any kind of cookie to use for subsequent authenticated calls.

[IMTDb]

"Sign In with Google" works with third party cookies disabled.