Good questions! Ok, the default access_token lifetime is about 90 days, we’re planning on extending that feature so you can set an arbitrarily long lifetime of the token, to simplify things. We’ll also provide wrappers for these in the CLI so you don’t have to use something like curl.
If you’re writing an iPhone app, you can model it after the Spark-ios app here: https://github.com/spark/ios-app
In that app the user logs into their account, creating an access token for the program. You could also say just store your own credentials in your app, and ask for a new token every X days, etc.
There is some security reasoning behind the access_token expirations. Users will have the ability to arbitrarily invalidate any access_tokens they want when using their credentials, so if a user gives an app permission to use a core, that user can also take that permission away. The expirations help prevent dozens or hundreds of forgotten access_tokens from sitting around forever. It’s important that an app using an access_token should be aware of that possibility. We’re using a standard authentication / token system called OAuth http://oauth.net/
I hope that helps!