from what I understand, you created a Moodle user (and so a token) for your client. By principe I would avoid using a token linked to an administrator as much as I can (imagine a client user steals the token, then the Moodle admin add the delete_courses() function to the service thinking it's ok because he knows the client doesn't call it, then the user deletes the Moodle site courses with its own client)
In summary you must know about the administration of Moodle roles (one of the most difficult part in administration imo). It is very likely that the issue you are having, you are having it in Moodle too. The core web service respect 100% (otherwise it's a bug) the web behaviour. So if you can/cannot do something on the web, it will be the same with the web services. You have to know how to administrate when you are using the web services. There is no other choice that reading docs and testing on the web version.
Note: assign_role is tricky by the name. You may be looking to enrol_users instead, search in this forum there are few conversations about it.