i tried new code, still no luck 
why is this so difficult, seems easy, just return the user roles assigned to the user
exports.onExecutePostLogin = async (event, api) => {
const namespace = "https://auth.myapp.local/roles";
let roles = event.authorization?.roles || [];
// Assign default role if no roles exist
if (roles.length === 0) {
const { ManagementClient } = require("auth0");
const management = new ManagementClient({
domain: event.secrets.domain,
clientId: event.secrets.clientId,
clientSecret: event.secrets.clientSecret,
});
const userId = event.user.sub;
const params = { id: userId };
//const params = { id: event.user.user_id };
const data = { roles: [event.secrets.defaultRoleId] };
try {
await management.users.assignRoles(params, data);
const updatedRoles = await management.users.getRoles(params);
roles = updatedRoles.map((r) => r.name);
} catch (e) {
console.log("Failed to assign role:", e);
}
}
// Always inject roles into ID Token
api.idToken.setCustomClaim(namespace, roles);
};