fix(dart): fix getAccessToken always null bug #67

Merged
merged 1 commit into from
Sep 6, 2024

Conversation

simeng-li
Contributor

Summary

This PR fixes the bug where getAccessToken always fetches new access tokens using the refresh token. (See #65 for more details.)

Root cause:

In the Logto Dart SDK, we store all token responses in local storage using a key-value format. Access tokens are stored based on their audience information and permissions. To generate a unique storage key for each access token, we use a combination of resource, organization, and scopes.

When calling the client.getAccessToken method, the SDK first checks local storage for a valid access token. If no related token is found or the token has expired, it requests a new one using the refresh token.

Currently, Logto does not support narrowing down scopes in token exchange requests, so scopes are not required in the fetchTokenByRefreshToken method. As a result, the getAccessToken method does not accept a scopes parameter and always attempts to read tokens from storage without considering scopes.

However, since the setAccessToken method builds storage keys with token scopes, and getAccessToken reads the storage without them, the method always returns null. This fallback triggers a new access token request every time.

Fixes:

  • Remove the scopes input parameter from the _tokenStorage.buildAccessTokenKey and _tokenStorage.getAccessToken methods. The storage key should now be generated based only on resource and organization.
  • Update the _tokenStorage.save call in the client._handleSignInCallback method to align with the client._getTokenByRefresh flow. Ensure that the initial access token scopes are also saved in the token storage.

Although token scopes should always be stored as part of the access token values, the storage key should be generated using only the resource and organization.

Testing

test locally

UT updated

Checklist

  • .changeset
  • unit tests
  • integration tests
  • necessary TSDoc comments

fix getAccessToken always null bug
@simeng-li simeng-li requested review from a team, wangsijie and charIeszhao and removed request for a team September 5, 2024 10:04
@simeng-li simeng-li merged commit 554a0d3 into master Sep 6, 2024
2 checks passed
@simeng-li simeng-li deleted the simeng-access-token-bug-fix branch September 6, 2024 03:06
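
The key mismatch described in the root cause above, modeled as an added example (not code from this PR or the Logto SDK). The class layout, the key format, the `scopesInKey` switch, the `refreshCount` helper and the sample resource URL are all constructed for illustration; it counts how many refresh-token exchanges a series of lookups triggers when the write path includes scopes in the storage key and when it does not.

```dart
// Simplified model of the key mismatch described in this PR; not Logto SDK code.
// Class names, key format and sample values below are constructed.
class AccessToken {
  final String token;
  final List<String> scopes; // scopes remain part of the stored value
  final DateTime expiresAt;
  AccessToken(this.token, this.scopes, this.expiresAt);
  bool get isExpired => !DateTime.now().isBefore(expiresAt);
}

class TokenStorage {
  final bool scopesInKey; // true models the write path before the fix
  final _store = <String, AccessToken>{};
  TokenStorage({required this.scopesInKey});

  String _key(String? resource, String? organizationId, [List<String>? scopes]) {
    final parts = [resource ?? '', organizationId ?? ''];
    if (scopes != null) parts.add((List.of(scopes)..sort()).join(' '));
    return parts.join('@');
  }

  void setAccessToken(AccessToken t, {String? resource, String? organizationId}) {
    _store[_key(resource, organizationId, scopesInKey ? t.scopes : null)] = t;
  }

  // The read path has no scopes to offer, so it can only build a scope-less key.
  AccessToken? getAccessToken({String? resource, String? organizationId}) {
    final t = _store[_key(resource, organizationId)];
    return (t == null || t.isExpired) ? null : t;
  }
}

// Counts refresh-token exchanges needed to serve `calls` lookups.
int refreshCount(TokenStorage storage, int calls) {
  var refreshes = 0;
  for (var i = 0; i < calls; i++) {
    if (storage.getAccessToken(resource: 'https://api.example.test') != null) continue;
    refreshes++; // cache miss: stand-in for a refresh-token request
    storage.setAccessToken(
        AccessToken('token-$refreshes', ['read', 'write'],
            DateTime.now().add(const Duration(hours: 1))),
        resource: 'https://api.example.test');
  }
  return refreshes;
}

void main() {
  print(refreshCount(TokenStorage(scopesInKey: true), 5)); // before the fix
  print(refreshCount(TokenStorage(scopesInKey: false), 5)); // after the fix
}
```

With scopes in the write key every lookup misses and falls back to a refresh; with the key built from resource and organization only, the first refresh populates the cache and later lookups are served from storage.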