Just to be more specific on my last replay - if you tried to decode the access token via jwt.io and got an empty payload, it may be that you receive an opaque token instead of jwt token. Here you can find explanation for it - Why is my access token not a JWT? (Opaque Token)
So I was actually referring to the “audience” parameter that needs to be set to receive a jwt token. With angular sdk, it would go there:
Also, this topic refers to adding user roles to the access token - Adding user roles to access token - #4 by chris.tice
Hope this helps!