If the use case that you are working on requires you to switch roles in the session created via the OAuth access token, then you shall have to use the scope as SESSION:ROLE-ANY.

In addition, on the Snowflake account, please verify that the parameter EXTERNAL_OAUTH_ANY_ROLE_MODE is set to True.

Reference:

https://docs.snowflake.com/en/sql-reference/sql/alter-security-integration-oauth-external