@ctavan, sorry for not responding, Just now seeing it somehow.
I think this is expected behavior. By having 3rd party cookies blocked, you’re essentially entering credentials, then saying telling draw.io “Sorry you actually can’t use those”.
To solve this on my end, I left my Global Shields Defaults unchanged.
Instead, I dropped Shields entirely for draw.io, authenticated in via google, then turned my Shields back on and set to Allow all cookies on the domain level for draw.io. Now I still retain my default protections and only allow cookie access to draw.io.
Let me know if any of this is unclear.