Yes that is correct, if you need your API to be aware of the roles, and you have not added them to the token you will need to call the management API to fetch that information.
Yes that is correct, if you need your API to be aware of the roles, and you have not added them to the token you will need to call the management API to fetch that information.