Using Auth0 to let only github organization members to access

Hey! My use case is set webapps/tools for a developer/user community, into which I want to use auth0 to manage identity and access.

I am trying to use the Auth0 Github social integration for this. Got it working nicely so, that any github user can authenticate to my apps via auth0. Now I would like so, that only members of specific github organizations can get through. How to?

I already tried actions like so:

/**
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  const request = require('request');

  console.log('Executing post-login action');

  // Ensure this action is run only for GitHub login
  if (event.connection.name !== 'github') {
    console.log('Not a GitHub login');
    return;
  }

  const accessToken = event.user.identities[0].access_token;
  const requiredOrgs = event.secrets.REQUIRED_GITHUB_ORGS.split(',');

  console.log('Required organizations:', requiredOrgs);
  console.log('Access token:', accessToken);

  const options = {
    url: 'https://api.github.com/user/orgs',
    headers: {
      'User-Agent': 'Auth0',
      'Authorization': `token ${accessToken}`
    }
  };

  request(options, (error, response, body) => {
    if (error) {
      console.error('Error fetching GitHub orgs:', error);
      return api.access.deny('Access denied. Error verifying GitHub organization membership.');
    }

    if (response.statusCode !== 200) {
      console.error('Error fetching GitHub orgs:', response.statusCode, response.statusMessage);
      return api.access.deny('Access denied. Error verifying GitHub organization membership.');
    }

    const orgs = JSON.parse(body).map(org => org.login);
    console.log('User organizations:', orgs);

    const isMemberOfAllRequiredOrgs = requiredOrgs.every(org => orgs.includes(org));
    console.log('Is member of all required orgs:', isMemberOfAllRequiredOrgs);

    if (!isMemberOfAllRequiredOrgs) {
      return api.access.deny('Access denied. User is not a member of all required GitHub organizations.');
    }

    // Update user app_metadata with GitHub orgs
    api.user.setAppMetadata('github_orgs', orgs);
  });
};

Log output:
{
“action_name”: “restrict to github org members”,
“response”: {
“logs”: “Executing post-login action\nRequired organizations: [ ‘myorghere’ ]\nAccess token: undefined\n”,
“stats”: {
“total_request_duration_ms”: 419,
“total_runtime_execution_duration_ms”: 415,
“runtime_processing_duration_ms”: 4,
“action_duration_ms”: 352,
“runtime_external_call_duration_ms”: 59,
“boot_duration_ms”: 63,
“network_duration_ms”: 4
}
},

So question, what would be the ideal way for this use case?