Here's my whole test, it might give you some clue to what I did wrong ^^:

val unauthorizedException = HttpException(Response.error<Dto>(401, ResponseBody.create(MediaType.parse("application/json"), """{ "error": "Unauthorized" }""")))

        val fakeNetworkCall = { accessToken: AccessToken -> if (accessToken.accessToken == "expired") IO.raiseError(unauthorizedException) else IO { Dto("dto") } }

        val persistentSource = object : AccessTokenPersistentSource {
            private var accessToken: AccessToken? = AccessToken(accessToken = "expired", refreshToken = "refreshToken1".some())
            override fun getAccessToken(): IO<AccessToken?> = IO { accessToken }
            override fun persistAccessToken(accessToken: AccessToken) {
                this.accessToken = accessToken
            }
        }

        val remoteSource = object : AccessTokenRemoteSource {
            override fun getAccessToken(grantType: String, username: Option<String>, password: Option<String>, refreshToken: Option<String>): IO<AccessToken> = IO {
                AccessToken("ok", refreshToken = "refreshToken2".some())
            }
        }

        val accessTokenRepository = AccessTokenRepository(
            persistentSource = persistentSource,
            remoteSource = remoteSource
        )

        val result = accessTokenRepository.withAccessToken(fakeNetworkCall)
        println(result.unsafeRunSync())

The interfaces should be pretty self-explanatory