Whether or not authentication is revoked or expires after a user changes their password is dependent on the provider. In most scenarios, a token is not revoked after a user-invoked password change, because changing a password doesn't compromise an access token. However, adding two-factor authentication may revoke access tokens because it changes the auth flow, forcing the user to re-login with two-factor auth.