Add validation logic

[yacaovsnc]

Use the sample app as a base:

1. Use OAuth2Authenticator with a secure, persistent TokenPair store.
2. Comment out the sign out line. Run it once, verify we are prompted for login, and the oauth2 token is saved correctly in the storage.
3. Run the app again to verify we aren't prompted for login.
4. Modify the saved AccessToken by hand to make it invalid (I did this on Mac OSX).
5. Rerun the app and verify we are prompted again, and the original tokenPair is deleted from the storage.

This appears like we are not using the refresh token. There is some investigation that has to happen first. We actually refreshed the token, but the renewed AccessToken is not accompanied by a refreshToken, and we don't consider that is a successful retrival.

Repeat this process, but with a VstsPatAuthenticator with a secure, persistent Token store to verify we prompt when the PAT is invalid.

[msftclas]

Hi @yacaovsnc, I'm your friendly neighborhood Microsoft Pull Request Bot (You can call me MSBOT). Thanks for your contribution!

It looks like you're a Microsoft contributor (Yang Cao (VSNC)). If you're full-time, we DON'T require a Contribution License Agreement. If you are a vendor, please DO sign the electronic Contribution License Agreement. It will take 2 minutes and there's no faxing! https://cla.microsoft.com.

TTYL, MSBOT;

[davidstaheli]

Looks good! I left minor comments.