The access token will expire, eventually (in about 50 years). You wouldn’t have to worry about this if you don’t plan to run your app for more than 50 years. You don’t need the authorization code after you get an access token. You can get the installation endpoint URL by hitting:
https://graph.api.smartthings.com/api/smartapps/endpoints?access_token=<Your access token>. Using the installation endpoint, you can access your SmartApp’s rest endpoints until the access token expires without any more user authorization.
By the way i’ve noticed that once you get the access token, using the URL to generate access token using the authorization code throws an error. I guess that would mean that the authorization code can be used only once.
In many OAuth 2 implementations, a way to refresh tokens is also provided along with a shorter expiry time for the access token (This stackoverflow question details about use of access and refresh tokens: http://stackoverflow.com/questions/3487991/why-does-oauth-v2-have-both-access-and-refresh-tokens). And hence my original question, in case any changes are made to the access token expiry settings.
Hope this helps.