
Newb - Rule If/Then Question

I got SAML2 working to AWS IAM with Auth0 as my IDP, with a single role. Now, I am trying to implement rules to assign different AWS roles based on user app metadata. I have it working but I am wondering if this is the most efficient route. Thoughts?

function (user, context, callback) {
  // Guard first so the log below cannot throw when app_metadata is unset.
  user.app_metadata = user.app_metadata || {};
  console.log('[before] user.app_metadata: ' + user.app_metadata.aws_role);

  // Map the app_metadata value to the "roleArn,providerArn" pair AWS expects.
  if (user.app_metadata.aws_role === "AWS-FullAdmin") {
    user.awsRole = 'arn:aws:iam::111:role/Auth0-FullAdmin,arn:aws:iam::111:saml-provider/Auth0_SAML_Provider';
  }
  if (user.app_metadata.aws_role === "AWS-ReadOnlyAccounts") {
    user.awsRole = 'arn:aws:iam::111:role/Auth0-ReadOnlyAccounts,arn:aws:iam::111:saml-provider/Auth0_SAML_Provider';
    console.log('awsrole1 is : ' + user.awsRole);
  }

  user.awsRoleSession = user.name;
  // Tell the SAML add-on which user properties to emit as the AWS attributes.
  context.samlConfiguration.mappings = {
    'https://aws.amazon.com/SAML/Attributes/Role': 'awsRole',
    'https://aws.amazon.com/SAML/Attributes/RoleSessionName': 'awsRoleSession'
  };

  callback(null, user, context);
}

I’m just trying something simple, which is: if the user has an app metadata aws_role value of AWS-FullAdmin, then pass the Admin-specific AWS attribute. If aws_role is ReadOnly, pass the read-only attribute.
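A table-driven variant of the rule above, added here as an example rather than taken from the post: it keeps one lookup from aws_role to IAM role name, builds the Role attribute from it, and fails closed by returning an error when aws_role is missing or unmapped instead of issuing an assertion with no Role. Account id 111, the role names and the provider name are the post's placeholders; the Error returned on denial stands in for the UnauthorizedError the Auth0 rules runtime provides.

```javascript
// Added example, not the post's code. 111 and the names below are the
// post's placeholders, so adjust them to the real account and roles.
const AWS_ACCOUNT_ID = '111';
const SAML_PROVIDER = 'Auth0_SAML_Provider';

// app_metadata.aws_role value -> IAM role name. Anything not listed is denied,
// so adding an AWS role is a one-line change here rather than a new if-block.
const ROLE_MAP = {
  'AWS-FullAdmin': 'Auth0-FullAdmin',
  'AWS-ReadOnlyAccounts': 'Auth0-ReadOnlyAccounts',
};

// Build the "roleArn,providerArn" pair AWS expects in the Role attribute,
// or return null when the metadata is absent or carries an unmapped value.
function buildAwsRoleAttribute(appMetadata) {
  const roleName = ROLE_MAP[(appMetadata || {}).aws_role];
  if (!roleName) return null;
  return `arn:aws:iam::${AWS_ACCOUNT_ID}:role/${roleName},` +
         `arn:aws:iam::${AWS_ACCOUNT_ID}:saml-provider/${SAML_PROVIDER}`;
}

// Same shape as the post's rule (user, context, callback), table-driven.
function rule(user, context, callback) {
  const roleAttribute = buildAwsRoleAttribute(user.app_metadata);
  if (!roleAttribute) {
    // Fail closed: a user with no mapped aws_role gets no SAML assertion at
    // all. In an Auth0 rule this would be new UnauthorizedError(...).
    return callback(new Error('No AWS role mapped for user ' + user.name));
  }
  user.awsRole = roleAttribute;
  user.awsRoleSession = user.name;
  context.samlConfiguration = context.samlConfiguration || {};
  context.samlConfiguration.mappings = {
    'https://aws.amazon.com/SAML/Attributes/Role': 'awsRole',
    'https://aws.amazon.com/SAML/Attributes/RoleSessionName': 'awsRoleSession',
  };
  return callback(null, user, context);
}

// Constructed sample user, to exercise the rule offline.
rule({ name: 'alice', app_metadata: { aws_role: 'AWS-ReadOnlyAccounts' } }, {},
     (err, user) => console.log(err ? err.message : user.awsRole));
```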