For getting access token in twitter api you firstly should get request token to make it possible grant access to user's account. I've found that access token does not expire unless it was revoked by user. What about request tokens? Do they expire? How long are they valid?

Ok, I've found the answer on OAuth specification http://oauth.net/core/1.0/#anchor9

Used by the Consumer to ask the User to authorize access to the Protected Resources. The User-authorized Request Token is exchanged for an Access Token, MUST only be used once, and MUST NOT be used for any other purpose. It is RECOMMENDED that Request Tokens have a limited lifetime.

Here is also useful diagram of the oauth process (it took me long time to learn the flow)

So the answer is - very short.

PS: the reason why I was asking question is just to simplify the whole process by getting request tokens once and use it several times for different users.

Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended.

You should plan that a user’s access token may become invalid at any time and you will need to re-authorize for that user in the case that it does. Ensuring you handle this situation gracefully is imperative for a quality user experience.