Please check if you have EXTERNAL_OAUTH_ANY_ROLE_MODE set to enabled on the security integration which you created for this on your snowflake account.

When the token consists of scope SESSION:ROLE-ANY then the security integration created should have EXTERNAL_OAUTH_ANY_ROLE_MODE = 'ENABLE';