Hi @love.huria,
You cannot revoke access tokens; they are stateless. You should have access tokens set to a short lifetime, and use refresh tokens to renew them for a long-lived ‘session’.
When you want to expire that session, you revoke the refresh tokens, effectively ending all sessions and requiring re-authentication.
In your case, you can use the post change password hook to revoke the tokens, which will asynchronously revoke the tokens after a password reset.
Let me know if that helps,
Dan
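
The pattern described in the reply above, as an added example that is not part of the original post and not any platform's own code: access tokens are validated from signature and expiry alone, while refresh tokens live in a server-side store that a password-change hook can clear. All function names, the in-memory store and the 5-minute lifetime are assumptions made for illustration.

```javascript
// Added example: stateless access tokens + revocable refresh tokens.
// All names (issueSession, onPasswordChanged, ...) are hypothetical.
const crypto = require('node:crypto');

const SIGNING_KEY = crypto.randomBytes(32);   // constructed demo key
const ACCESS_TTL_S = 300;                     // short lifetime: 5 minutes (assumed)
const refreshStore = new Map();               // sha256(refresh token) -> userId

const b64 = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data) => b64(crypto.createHmac('sha256', SIGNING_KEY).update(data).digest());
const hashToken = (t) => crypto.createHash('sha256').update(t).digest('hex');

function mintAccessToken(userId, nowS) {
  const payload = b64(JSON.stringify({ sub: userId, exp: nowS + ACCESS_TTL_S }));
  return `${payload}.${sign(payload)}`;
}

// Validation needs only the key and the clock: no lookup, hence nothing to revoke.
function verifyAccessToken(token, nowS) {
  const [payload, sig] = String(token).split('.');
  if (!payload || !sig) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return claims.exp > nowS ? claims : null;
}

function issueSession(userId, nowS) {
  const refreshToken = b64(crypto.randomBytes(32));
  refreshStore.set(hashToken(refreshToken), userId);  // server-side state, stored hashed
  return { accessToken: mintAccessToken(userId, nowS), refreshToken };
}

// Refresh is the stateful step, so this is where revocation takes effect.
function refresh(refreshToken, nowS) {
  const userId = refreshStore.get(hashToken(refreshToken));
  return userId ? mintAccessToken(userId, nowS) : null;
}

// Hypothetical post-change-password hook: drop every refresh token of the user.
function onPasswordChanged(userId) {
  let revoked = 0;
  for (const [key, owner] of refreshStore) {
    if (owner === userId) { refreshStore.delete(key); revoked++; }
  }
  return revoked;
}
```

After `onPasswordChanged` runs, an already-issued access token still verifies until its `exp` passes, which is why the lifetime has to be short; only the refresh step starts failing immediately.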