Can't get roles on SPA

I’m using API v8 and my client type is SPA. My test user has this app_metadata defined:

{
  "authorization": {
    "roles": [
      "admin"
    ],
    "permissions": [
      "admin"
    ]
  }
}

After login, I can’t read those values. The scope gets

{
  email: "email@test.com"
  email_verified:false
  name:"name"
  nickname:"user"
  picture:"https://s.gravatar.com/avatar/xxxxcdn.auth0.com.png"
  sub:"auth0|5??a29b391??????123464"
  updated_at:"2017-06-27T22:22:03.087Z"
}

but how do I get the roles?
Thanks!

You can assign those claims to the id_token (or access_token) via a Rule, outlined further here:
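A Rule of the kind this answer describes, as an added example that is not part of the original thread or Auth0's own sample code. The `NAMESPACE` URL, the function name and the sample user are assumptions; the `app_metadata.authorization` layout is the one from the question.

```javascript
// Added example: an Auth0 Rule that copies roles/permissions from
// app_metadata into namespaced custom claims on the issued tokens.
// Rules run server-side in the Auth0 pipeline, so the SPA cannot alter them.

// Assumption: placeholder namespace. Custom claims need a namespaced name
// (a URL you control) so they do not collide with standard OIDC claims.
const NAMESPACE = 'https://example.com/';

// Hypothetical name; in the dashboard, paste this function as the Rule.
function addAuthorizationClaims(user, context, callback) {
  // Read only from app_metadata: unlike user_metadata, end users cannot edit it.
  const authz = (user.app_metadata && user.app_metadata.authorization) || {};

  // Accept only arrays of strings so malformed metadata never reaches a token.
  const asStringList = (value) =>
    Array.isArray(value) ? value.filter((v) => typeof v === 'string') : [];

  const roles = asStringList(authz.roles);
  const permissions = asStringList(authz.permissions);

  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};

  // id_token: lets the SPA read the roles after login.
  context.idToken[NAMESPACE + 'roles'] = roles;
  context.idToken[NAMESPACE + 'permissions'] = permissions;

  // access_token: lets the API make the actual authorization decision.
  context.accessToken[NAMESPACE + 'roles'] = roles;
  context.accessToken[NAMESPACE + 'permissions'] = permissions;

  callback(null, user, context);
}

// Constructed sample user mirroring the app_metadata from the question.
const sampleUser = {
  email: 'email@test.com',
  app_metadata: { authorization: { roles: ['admin'], permissions: ['admin'] } }
};

// Local simulation of the pipeline call (the callback fires synchronously).
function simulateLogin(user) {
  let issued = null;
  addAuthorizationClaims(user, { idToken: {}, accessToken: {} }, (err, u, ctx) => {
    issued = ctx;
  });
  return issued;
}
```

In the SPA the roles then appear in the decoded id_token under `https://example.com/roles`; treat them there as a hint for showing or hiding UI, and enforce access in the API by validating the access_token.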