> 1. How do I invalidate the existing tokens on password change? > As per my knowledge the is nothing called invalidation of token. You can delete and recreate using signals( pre_delete or post_delete)