diff --git a/packages/google-auth/system_tests/system_tests_sync/test_external_accounts.py b/packages/google-auth/system_tests/system_tests_sync/test_external_accounts.py
index eb15a011df56..32a3af49882a 100644
--- a/packages/google-auth/system_tests/system_tests_sync/test_external_accounts.py
+++ b/packages/google-auth/system_tests/system_tests_sync/test_external_accounts.py
@@ -65,9 +65,10 @@ def dns_access_direct(request, project_id):
 
     # Apply the default credentials to the headers to make the request.
     headers = {}
-    credentials.apply(headers)
+    url = "https://dns.googleapis.com/dns/v1/projects/{}".format(project_id)
+    credentials.before_request(request, "GET", url, headers)
     response = request(
-        url="https://dns.googleapis.com/dns/v1/projects/{}".format(project_id),
+        url=url,
         headers=headers,
     )
 
@@ -213,6 +214,8 @@ def check_impersonation_expiration():
             request=http_request,
         )
 
+        credentials.refresh(http_request)
+
         utcmax = _helpers.utcnow() + datetime.timedelta(seconds=TOKEN_LIFETIME_SECONDS)
         utcmin = utcmax - datetime.timedelta(seconds=BUFFER_SECONDS)
         assert utcmin < credentials._impersonated_credentials.expiry <= utcmax