Hi @Arvidsson, Alexander,
I would recommend you to use Sites.Selected permission to reach your requirement. As with other delegated scopes the minimal intersection of application and user permissions is used. Increasing the ability of admins to control application access to specific site collections and require user presence/access. Here is some document for you to reference
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.