Thanks for your reply. It helped to direct me to the right path 
I ended up just patching the “fetch” function of the Resource class:
/**
* Patches the original Cesium.Resource class to allow updating of authorization header in HTTP requests.
*/
private patchCesiumResource(): void {
const orig = Cesium.Resource.prototype.fetch;
// Store reference to the service, because "this" refers to the resource instance inside the patched function.
const self = this;
Cesium.Resource.prototype.fetch = function(callOptions: any) {
if (this.headers.Authorization === 'system') {
this.headers.Authorization = self.authentication;
}
return orig.call(this, callOptions);
};
}
``
(I’m developing an Angular app, so the above code is TypeScript)