When you say login would break, what do you mean? Just that it would be less convenient, i.e. you have to login to your identity provider once for each first party? Or are you suggesting that the redirect flow for OpenID Connect or oauth wouldn't work at all?