As documented:
onAuthorized
returns userID (Opaque user ID.)
and
Broadcasters’ tokens are set with "U" + their Twitch user IDs, to avoid confusing opaque IDs with user IDs when the broadcaster is a viewer.
If that helps.
Or onAuthorized parse the response (don’t validate) and test the role key