You’ll need to explicitly add the roles to ID Tokens using an Action as outlined in the following FAQ:
Permissions are a bit different, and are typically kept within the context of an access token. I recommend taking a look at RBAC as this provides you with the option (assuming you have an API registered in Auth0) to automatically add permissions to user’s access tokens.