I think there don’t have expire period if you use Oauth 1.0.
In my case i use Oauth 1.0 and face some problem that access token is shot lived.
result of my website analysis was problem of session of my website.
If some user login to my website and logout, its expired(only web session,but access token not)
so i changed my session config from ‘session.gc_maxlifetime=1440’ to ‘session.gc_maxlifetime=606024*30’ therefore i am realized that access token don’t have expire time. So if you want to expire access tokens i recommend use your session and DB
step1. User accept using your application
step2. Store token information to DB or FILE or Cookie about each user
step3. If user closed explorer, you can delete session on your website but keep Stored information on your DB
step3. User open explorer, you can set session from your DB or COOKIE information
