Hi @kito.hirokazu , thank you for posting your questions!
An already issued ID and Access token will be valid for the period they were originally issued for. There is no automate way to invalidate them thus there would be a need to actively logged users out. Revoke Tokens
In case of refresh tokens, the expiry time will also be as initially set, but you can revoke them (once revoked, they will be invalidated). Revoke Refresh Tokens
I remain available in case of follow-up questions!