Has anyone gotten Paris OIDC SSO to work with AWS Cognito?

spease
Tera Contributor

As the title says, has anyone gotten this to work? I've looked around and searched the forums and the web, and I've not seen anyone that seems to have attempted it.

.well_known seems to not work because Cognito doesn't say it supports response type 'id_token', presumably because "token" acts as the more traditional "token id_token" type in Cognito.

From a quick glance around the script includes, it looks like the relevant code to modify to support this may be in SNC.GlideMultiSSO, which I don't believe we can customize. I'm assuming this is the stumbling block (though I would love to be proven wrong!) to getting SSO to Cognito.

 

I've tried setting it up manually as well. The "Log in Via Cognito" button seems to just redirect me to "not_allowed.do", and manually triggering the SSO directly from AWS lands me on "oauth_redirect.do" with the error "Your OAuth redirect failed. Please check if the redirect URL setup in your OAuth configuration matches your ServiceNow instance URL." (which I believe it does: there are two redirect URLs set, the IdP's "Servicenow Homepage", set to <instanceURL>/navpage.do, and the OIDC Entity's Redirect URL, which is <instanceURL>/oauth_redirect.do). Everything is Authorization Grant as well.

Any ways to get this to work?
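
The two symptoms described in the post above (a response type missing from the provider's discovery metadata, and a redirect URL mismatch) can be checked before touching the SSO configuration. The following is an added example, not part of the original post and not ServiceNow or AWS code; the metadata, host names and the `sampleRp` settings are constructed placeholders.

```javascript
// Constructed sample metadata (not copied from any real provider). It mirrors the
// situation in the post: "id_token" is absent from response_types_supported.
const sampleDiscovery = {
  issuer: "https://idp.example.com/pool-placeholder",
  authorization_endpoint: "https://idp.example.com/oauth2/authorize",
  token_endpoint: "https://idp.example.com/oauth2/token",
  jwks_uri: "https://idp.example.com/pool-placeholder/.well-known/jwks.json",
  response_types_supported: ["code", "token"],
};

// Hypothetical relying-party settings; the two .do paths are the ones named in the post.
const sampleRp = {
  responseType: "id_token",
  redirectUri: "https://instance.example.com/oauth_redirect.do",
  registeredCallbacks: ["https://instance.example.com/navpage.do"],
};

// Response types are space-separated sets, so "token id_token" equals "id_token token".
function normalizeResponseType(rt) {
  return rt.trim().split(/\s+/).sort().join(" ");
}

// Returns a list of human-readable problems; an empty list means the checks passed.
function checkOidcCompatibility(discovery, rp) {
  const problems = [];
  // A subset of the fields OIDC Discovery marks as REQUIRED.
  for (const field of ["issuer", "authorization_endpoint", "jwks_uri", "response_types_supported"]) {
    if (!(field in discovery)) problems.push(`discovery document is missing ${field}`);
  }
  const advertised = (discovery.response_types_supported || []).map(normalizeResponseType);
  if (!advertised.includes(normalizeResponseType(rp.responseType))) {
    problems.push(`response type "${rp.responseType}" is not advertised (got: ${advertised.join(", ")})`);
  }
  // OIDC Core requires redirect_uri to match a registered value exactly, so
  // scheme, host, path and trailing slash all have to be identical.
  if (!rp.registeredCallbacks.includes(rp.redirectUri)) {
    problems.push(`redirect_uri ${rp.redirectUri} is not in the IdP's registered callback list`);
  }
  return problems;
}

console.log(checkOidcCompatibility(sampleDiscovery, sampleRp));
```
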

1 ACCEPTED SOLUTION

ServiceNow Tec2
Mega Sage
This has been resolved by ServiceNow Technical Support. Please refer to KB0719167 for more information.


6 REPLIES

ServiceNow Tec2
Mega Sage
This has been resolved by ServiceNow Technical Support. Please refer to KB0778342 for more information.

ServiceNow Tec2
Mega Sage
This has been resolved by ServiceNow Technical Support. Please refer to KB0853629 for more information.

Jahnavi6
Kilo Expert

Hi @spease 

Could you please provide the steps to integrate Cognito SSO with ServiceNow? We too have the same requirement, and are getting an issue that the id_token response type is not supported by Cognito.

It would be helpful if you could guide us on how to implement it.

Regards,

Jahnavi