...

• curl -H "Authorization: Bearer INSERT_EDX_ISSUED_ACCESS_TOKEN" http://localhost:8000/api/..

Expiration

Currently, our edX-issued access tokens expire in 30 days

...

for public clients like mobile apps, and 365 days for server-side clients.  These values can be overridden with the settings variables OAUTH_EXPIRE_DELTA_PUBLIC (for public clients) and OAUTH_EXPIRE_DELTA (for confidential clients), which each take a timedelta object for their value.

OAuth2 -> Session Cookie

Additionally, the mobile app can exchange an access token for a session cookie that can be used in a WebView:

...