Hi @aditya-1
The issue is caused by the fact that whenever you update user data during a Trigger, the access and ID tokens are being generated and forwarded to the application prior to the updates finalizing. This means that in order to receive a proper token with the updated information of the user, you would need to either force re-authentication for the user or perform a silent authentication once they have logged in so that your application can retrieve the new token with all the necessary information.
As you have mentioned, another alternative would be to map the necessary values as custom claims inside the ID token so that you can bypass the need for re-authentication.
Otherwise, you can use a machine-to-machine application to assign roles outside of the Action (e.g., via a backend job triggered post-registration via a webhook or event).
Let me know if you have any other questions!
Kind Regards,
Nik
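
The custom-claim alternative from the reply above, as an added example that is not part of the original post or Auth0's own code: a post-login Action body that persists a value and also writes it into the tokens issued in the same login, run here against a mock `api` object. It assumes the trigger is post-login; the claim namespace, default role, and the mock and helper names are assumptions.

```javascript
// Added example. NAMESPACE, DEFAULT_ROLE, makeMockApi and simulateLogin are assumptions.
const NAMESPACE = "https://example.com/"; // assumed namespace for custom claims
const DEFAULT_ROLE = "member";            // assumed value assigned on first login

// Body of a post-login Action. In the Auth0 editor this function would be
// assigned to exports.onExecutePostLogin.
function onExecutePostLogin(event, api) {
  const meta = event.user.app_metadata || {};
  let roles = Array.isArray(meta.roles) ? meta.roles : [];

  if (roles.length === 0) {
    // Persist the default. Per the reply above, this update is not yet
    // finalized when the tokens for this login are generated.
    roles = [DEFAULT_ROLE];
    api.user.setAppMetadata("roles", roles);
  }

  // Write the same value into the tokens being issued now, so the
  // application does not need a re-authentication to see it.
  api.idToken.setCustomClaim(`${NAMESPACE}roles`, roles);
  api.accessToken.setCustomClaim(`${NAMESPACE}roles`, roles);
}

// Minimal stand-in for the Action `api` object; records what was set.
function makeMockApi() {
  const calls = { metadata: {}, idToken: {}, accessToken: {} };
  return {
    calls,
    user: { setAppMetadata: (k, v) => { calls.metadata[k] = v; } },
    idToken: { setCustomClaim: (k, v) => { calls.idToken[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { calls.accessToken[k] = v; } },
  };
}

// Runs the Action against a constructed login event and returns the recorded calls.
function simulateLogin(appMetadata) {
  const api = makeMockApi();
  const event = { user: { user_id: "auth0|constructed-user", app_metadata: appMetadata } };
  onExecutePostLogin(event, api);
  return api.calls;
}

console.log(simulateLogin({}));                   // first login: default persisted and claimed
console.log(simulateLogin({ roles: ["admin"] })); // returning user: stored value claimed
```

Because the API consuming the access token makes authorization decisions from this claim, it should read the namespaced key only from tokens whose signature and audience it has already validated.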