From 074821074418f7ab8a2ee97c728301c6b1ec6c5b Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski <slawek@koszewscy.waw.pl>
Date: Sat, 7 Feb 2026 13:30:24 +0100
Subject: [PATCH] Refactor createPca function to dynamically import
 msal-node-extensions and improve cache plugin fallback handling

---
 src/azure/pca-auth.js | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/azure/pca-auth.js b/src/azure/pca-auth.js
index 8c237e7..86048a2 100644
--- a/src/azure/pca-auth.js
+++ b/src/azure/pca-auth.js
@@ -4,12 +4,7 @@ import fs from "node:fs";
 import path from "node:path";
 
 import { PublicClientApplication } from "@azure/msal-node";
-import {
-  DataProtectionScope,
-  Environment,
-  PersistenceCachePlugin,
-  PersistenceCreator,
-} from "@azure/msal-node-extensions";
+import os from "node:os";
 
 function fileCachePlugin(cachePath) {
   return {
@@ -28,13 +23,23 @@ function fileCachePlugin(cachePath) {
 }
 
 async function createPca({ tenantId, clientId }) {
-  const cacheRoot = Environment.isWindowsPlatform()
-    ? path.join(Environment.getUserRootDirectory(), "sk-az-tools")
-    : path.join(Environment.getUserRootDirectory(), ".config", "sk-az-tools");
+  const isWindows = process.platform === "win32";
+  const userRoot = isWindows
+    ? process.env.LOCALAPPDATA || os.homedir()
+    : os.homedir();
+  const cacheRoot = isWindows
+    ? path.join(userRoot, "sk-az-tools")
+    : path.join(userRoot, ".config", "sk-az-tools");
 
   const cachePath = path.join(cacheRoot, `${clientId}-msal.cache`);
   let cachePlugin;
   try {
+    const {
+      DataProtectionScope,
+      PersistenceCachePlugin,
+      PersistenceCreator,
+    } = await import("@azure/msal-node-extensions");
+
     const persistence = await PersistenceCreator.createPersistence({
       cachePath,
       dataProtectionScope: DataProtectionScope.CurrentUser,
@@ -44,7 +49,7 @@ async function createPca({ tenantId, clientId }) {
     });
     cachePlugin = new PersistenceCachePlugin(persistence);
   } catch (err) {
-    // Fallback for Linux environments where libsecret integration is unavailable.
+    // Fallback when msal-node-extensions/keytar/libsecret are unavailable.
     cachePlugin = fileCachePlugin(cachePath);
   }