I noticed that an access token (requesting offline access) changes if the application asks for additional permissions and the user grants them; is this the only case where an access token can expire?
The offline_access access token never expires. So indeed, the only way it can change is when you request for additional permissions.