authenticate token each time client is sending request

src/Accounts/Accounts.Test/AzureRMProfileTests.cs

@@ -1081,15 +1081,15 @@ public void CanRenewTokenLogin()
             Assert.Equal(keyVaultToken2, account.GetProperty(AzureAccount.Property.KeyVaultAccessToken));
             var factory = new ClientFactory();
             var rmClient = factory.CreateArmClient<MockServiceClient>(profile.DefaultContext, AzureEnvironment.Endpoint.ResourceManager);
-            var rmCred = rmClient.Credentials as TokenCredentials;
+            var rmCred = rmClient.Credentials as RenewingTokenCredential;
             Assert.NotNull(rmCred);
             var message = new HttpRequestMessage(HttpMethod.Get, rmClient.BaseUri.ToString());
             rmCred.ProcessHttpRequestAsync(message, CancellationToken.None).ConfigureAwait(false).GetAwaiter().GetResult();
             Assert.NotNull(message.Headers.Authorization);
             Assert.NotNull(message.Headers.Authorization.Parameter);
             Assert.Contains(accessToken2, message.Headers.Authorization.Parameter);
             var graphClient = factory.CreateArmClient<MockServiceClient>(profile.DefaultContext, AzureEnvironment.Endpoint.Graph);
-            var graphCred = graphClient.Credentials as TokenCredentials;
+            var graphCred = graphClient.Credentials as RenewingTokenCredential;
             Assert.NotNull(graphCred);
             var graphMessage = new HttpRequestMessage(HttpMethod.Get, rmClient.BaseUri.ToString());
             graphCred.ProcessHttpRequestAsync(graphMessage, CancellationToken.None).ConfigureAwait(false).GetAwaiter().GetResult();

src/Accounts/Authentication/Authentication/ExternalAccessToken.cs

@@ -0,0 +1,43 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.Common.Authentication.Authentication
+{
+    public class ExternalAccessToken : IAccessToken
+    {
+        public string AccessToken
+        {
+            get; set;
+        }
+
+        public string LoginType
+        {
+            get; set;
+        }
+
+        public string TenantId
+        {
+            get; set;
+        }
+
+        public string UserId
+        {
+            get; set;
+        }
+
+        private readonly Func<string> _refresh;
+
+        public ExternalAccessToken(string token, Func<string> refresh = null)
+        {
+            this.AccessToken = token;
+            this._refresh = refresh;
+        }
+
+        public void AuthorizeRequest(Action<string, string> authTokenSetter)
+        {
+            AccessToken = (_refresh == null) ? AccessToken : _refresh();
+            authTokenSetter("Bearer", AccessToken);
+        }
+    }
+}

src/Accounts/Authentication/Factories/AuthenticationFactory.cs

@@ -21,6 +21,8 @@
 using System.Security;
 using Microsoft.Azure.Commands.Common.Authentication.Properties;
 using System.Threading.Tasks;
+using Microsoft.Azure.Commands.Common.Authentication.Authentication;
+using System.Management.Automation;
 
 namespace Microsoft.Azure.Commands.Common.Authentication.Factories
 {
@@ -302,7 +304,7 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex
                 case AzureAccount.AccountType.Certificate:
                     throw new NotSupportedException(AzureAccount.AccountType.Certificate.ToString());
                 case AzureAccount.AccountType.AccessToken:
-                    return new TokenCredentials(GetEndpointToken(context.Account, targetEndpoint));
+                    return new RenewingTokenCredential(new ExternalAccessToken (GetEndpointToken(context.Account, targetEndpoint), () => GetEndpointToken(context.Account, targetEndpoint)));
             }