Discord login rejected on additional user data from api

I am quite new to Auth but have been making progress in getting it set up for discord login using a custom connection.
Once a user has gone through the login I would like to retrieve additional user data about their guilds (which the custom connection has requested permission for) and use their guild data to check against a whitelist. If they are in it, allow connection, if not, deny. I’ve gotten so far as to make multiple GET request using the access token in the fetch user profile script to retrieve the guild list. After reading the section on user profile script and that it specifies to keep this script simple I feel this is not the place to do these checks.
I’m at a loss as to my next step on the correct way to accomplish this. Also how would I go about storing the whitelist to check against and referencing it without securely?