Can I try out the full OAuth2 flow?
The full flow will be available in next sandbox versions. For now, you should use the static token authenticated-user-full-access
What should I enter to the REDIRECT URL field?

As we're still in sandbox mode, the redirect URL can be anything for now (e.g. www.google.com). Later on when we're live, your redirect url must be registered in the developer portal (illustrated above) and it must match the redirect_uri parameter. Please see the API authentication section of the documentation for more details and examples.
How long is the access token valid? When will it expire?
The access token is valid for 90 days.
It would be nice to receive a push message when an access token is about to expire (e.g. 7 days before)
Agreed, this would be nice ;) We're looking into this already.
I don't understand how OAuth2 works
For a nice tutorial about OAuth2, please check this link.