After reading this post I'm facing a similar scenario (also discussed here) regarding migrating my app to short-lived tokens.
To my understanding, all existing long-lived tokens will still work, even after Sep. 30 but the option to create new ones will be disabled.
Does that mean that all existing offlineaccess apps will still work using both old tokens and old authorization implementation? Does it also mean that existing users will not be affected by this transition at all?
Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s). Note though that after the change you won't be able to create new long-lived access tokens. That means that any users with existing long-lived access tokens can continue using those existing long-lived access tokens as before.
After the change, apps will need to use the updated flow to request "offline" access to get long-lived authorization via refresh tokens.
If, after the change, a user uses an app that hasn't been updated, any new authorizations will only receive short-lived access tokens, and they won't be able to newly authorize long-lived access without getting an updated version of the app.