When you get "roles" in your token, it means you are generating an Application token.
Please make sure you have added the Application permission in your Azure Application (not delegated).
Please refer to the below sample screenshot:
Please refer to this documentation for more details.
Hope this helps.
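As an added example (not part of the original answer), this Python sketch decodes an access token's payload and reports whether it carries application permissions in `roles` or delegated scopes in `scp`, and whether a given permission is present. The function names, the permission values and the sample tokens are constructed for illustration; the tokens are unsigned and the code only inspects claims, it does not validate the token.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"


def jwt_claims(token: str) -> dict:
    """Decode the payload segment for inspection; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted(claims: dict) -> dict:
    """Split permissions by type: roles is a JSON array, scp a space-separated string."""
    roles = claims.get("roles") or []
    scopes = (claims.get("scp") or "").split()
    return {"application": list(roles), "delegated": scopes}


def token_kind(claims: dict) -> str:
    perms = granted(claims)
    if perms["delegated"]:
        return "delegated"       # token issued on behalf of a signed-in user
    if perms["application"]:
        return "application"     # app-only token, e.g. client credentials flow
    return "no-permissions"      # neither claim: permission not added or not consented


def has_permission(claims: dict, name: str, kind: str) -> bool:
    return name in granted(claims)[kind]


# Constructed sample payloads (placeholder values, not real tokens).
APP_TOKEN = make_sample({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})
USER_TOKEN = make_sample({"aud": "https://graph.microsoft.com", "scp": "User.Read Mail.Read"})
EMPTY_TOKEN = make_sample({"aud": "https://graph.microsoft.com"})

if __name__ == "__main__":
    for label, tok in [("app", APP_TOKEN), ("user", USER_TOKEN), ("empty", EMPTY_TOKEN)]:
        c = jwt_claims(tok)
        print(label, token_kind(c), granted(c))
```
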