How to specify scopes in an authorize call

No problem, I’m happy to help!

The issue seems to be that you are using an access token of a user as opposed to a Management API Access token - The authorize request shared is that of an interactive (user-involved) flow as opposed to non-interactive (machine to machine). In general, you won’t be able to use a user’s access token against the Management API except for a very limited set of use cases due to security implications (see public vs. confidential clients). A Management API access token when decoded will look something like:

You’ll need to handle requesting a Management API access token on your backend as an entirely separate process to getting a user’s access token. For testing purposes, you can navigate to Applications → APIs → Management API → Test and choose the relevant application. This will provide you with an example access token for the M2M app which you can use against the Management API to get a user’s roles.

This should help outline the idea at a high level:

Hope this helps!

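Added example, not part of the original post: a Python sketch that decodes a token's payload (inspection only, no signature check) and lists why it would not pass as a machine-to-machine Management API token. The claim names (`gty`, `aud`, `scope`), the placeholder tenant URL and the `read:users`/`read:roles` scopes are assumptions based on Auth0's token format, and both sample tokens are constructed.

```python
import base64
import json

MGMT_AUDIENCE = "https://tenant.example.com/api/v2/"  # placeholder tenant (assumption)

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "sig"])

def decode_claims(token: str) -> dict:
    """Decode the payload only. No signature check: inspection, not validation."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def mgmt_token_problems(token: str, needed_scopes: set) -> list:
    """Return reasons the token does not look like an M2M Management API token."""
    claims = decode_claims(token)
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    problems = []
    if MGMT_AUDIENCE not in audiences:
        problems.append("aud does not include the Management API")
    if claims.get("gty") != "client-credentials":
        problems.append("not issued by the client credentials grant")
    missing = sorted(needed_scopes - set(claims.get("scope", "").split()))
    if missing:
        problems.append("missing scopes: " + " ".join(missing))
    return problems

# Constructed samples: a user token from an interactive login, and an M2M token.
USER_TOKEN = make_sample_token({
    "sub": "auth0|constructed-user",
    "aud": ["https://my-api.example.com", "https://tenant.example.com/userinfo"],
    "scope": "openid profile email",
})
M2M_TOKEN = make_sample_token({
    "sub": "constructedClientId@clients",
    "aud": MGMT_AUDIENCE,
    "gty": "client-credentials",
    "scope": "read:users read:roles",
})

if __name__ == "__main__":
    for name, tok in (("user", USER_TOKEN), ("m2m", M2M_TOKEN)):
        print(name, mgmt_token_problems(tok, {"read:users", "read:roles"}) or "ok")
```
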