When you first identify your client (let us say a mobile app) on OAUTH, you're given an authorization code. This code is for a one-use-only purpose. This code has then to be traded against an access token which will be used.
As a default this token is set to 1 hour (3600sec) before expiry. The expiry time is configurable in "rest.ini".
Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2013 eZ Systems AS (except where otherwise noted). All rights reserved.