diff --git a/simple_oauth_extras/simple_oauth_extras.routing.yml b/simple_oauth_extras/simple_oauth_extras.routing.yml
index 54da7c9..0b8c533 100644
--- a/simple_oauth_extras/simple_oauth_extras.routing.yml
+++ b/simple_oauth_extras/simple_oauth_extras.routing.yml
@@ -9,15 +9,3 @@ oauth2_token_extras.authorize:
   options:
     _auth: ['cookie']
     no_cache: TRUE
-
-oauth2_token.user_debug:
-  path: '/oauth/debug'
-  defaults:
-    _controller: 'Drupal\simple_oauth_extras\Controller\DebugController::debug'
-  methods: [GET]
-  requirements:
-    _access: 'TRUE'
-    _format: 'json'
-  options:
-    _auth: ['oauth2']
-    no_cache: TRUE
diff --git a/simple_oauth_extras/tests/simple_oauth_extras_test/simple_oauth_extras_test.routing.yml b/simple_oauth_extras/tests/simple_oauth_extras_test/simple_oauth_extras_test.routing.yml
index 6b4c5fa..287c43e 100644
--- a/simple_oauth_extras/tests/simple_oauth_extras_test/simple_oauth_extras_test.routing.yml
+++ b/simple_oauth_extras/tests/simple_oauth_extras_test/simple_oauth_extras_test.routing.yml
@@ -6,3 +6,15 @@ oauth2_token_extras.test_token:
   methods: [GET]
   requirements:
     _access: 'TRUE'
+
+oauth2_token.user_debug:
+  path: '/oauth/debug'
+  defaults:
+    _controller: 'Drupal\simple_oauth_extras_test\Controller\DebugController::debug'
+  methods: [GET]
+  requirements:
+    _access: 'TRUE'
+    _format: 'json'
+  options:
+    _auth: ['oauth2']
+    no_cache: TRUE
diff --git a/simple_oauth_extras/src/Controller/DebugController.php b/simple_oauth_extras/tests/simple_oauth_extras_test/src/Controller/DebugController.php
similarity index 96%
rename from simple_oauth_extras/src/Controller/DebugController.php
rename to simple_oauth_extras/tests/simple_oauth_extras_test/src/Controller/DebugController.php
index d312f60..ec033c2 100644
--- a/simple_oauth_extras/src/Controller/DebugController.php
+++ b/simple_oauth_extras/tests/simple_oauth_extras_test/src/Controller/DebugController.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace Drupal\simple_oauth_extras\Controller;
+namespace Drupal\simple_oauth_extras_test\Controller;
 
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\user\PermissionHandlerInterface;
diff --git a/src/Authentication/TokenAuthUser.php b/src/Authentication/TokenAuthUser.php
index 235f4ed..d5baf98 100644
--- a/src/Authentication/TokenAuthUser.php
+++ b/src/Authentication/TokenAuthUser.php
@@ -77,9 +77,11 @@ class TokenAuthUser implements TokenAuthUserInterface {
    * {@inheritdoc}
    */
   public function getRoles($exclude_locked_roles = FALSE) {
-    return array_map(function ($item) {
+    $user_roles = $this->subject->getRoles();
+    $token_roles = array_map(function ($item) {
       return $item['target_id'];
     }, $this->token->get('scopes')->getValue());
+    return array_intersect($user_roles, $token_roles);
   }
 
   /**