Do you really need to run through the authentication gauntlet just to verify that your retry logic applies?

I would set up the test so that the test program does not have to do any of the authentication dance and you simply check that the HTTP timeout occurs.

I find that structuring my code to be modular in the way that I can test functionality in separate, I recognize the relevant parts and can move these into testable subroutines.