@gangh
It depends on how the developer writes their code.
The Canvas OAuth2 documentation recommends that your tool hold on to the token so that you can refresh in the future without requiring the user to agree again.
When appropriate, applications should store the token locally, rather than requesting a new token for the same user each time the user uses the application. If the token is deleted or expires, the application will get a 401 Unauthorized error from the API, in which case the application should perform the OAuth flow again to receive a new token. You can differentiate this 401 Unauthorized from other cases where the user simply does not have permission to access the resource by checking that the WWW-Authenticate header is set.
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.