Great!
It appears that the JWT does indeed include the roles, meaning that the action functions as expected.
The information regarding the roles should be available inside the user object in your application under session.user. If this is not the case, could you please console log the user inside your application and let me know what is visible in there?
Kind Regards,
Nik