Can I trust he access token(response.authResponse.accessToken) for identify the user?
Of-course yes!
Can Facebook change the access token ?
Nope. But it expires after 2 hours, so you have to get the token again. If you want to use this token in future; you can extend the life of the token to 60 days.
You can read more about access tokens here.
[Edit]
The token also becomes invalidated in the following cases-
- User changes the password
- User de-authorizes the app
- User removes the app