In my case, I created a new page (on the server where I need to log in) that I opened using window.open() from an iframe and sent the authorization data there using postMessage(). The page contained code that sent the authorization data (using the fetch) to the server and received a response, which I sent back, also using window.opener.postMessage() and closed the window using window.close().

But unfortunately in some cases this does not work because the browser can block pop-ups in certain cases.
That's why I abandoned cookie-based authentication and switched to jwtToken.