First off all I am very thankful for this demo project. It was well explained.
I need below clarifications,
How to handle token validity when user changed his password? invalidate the current token and redirect him to login page, asking him to login with new password ?
and in case of User logs out?

Token is not linked to the password value, it's up to you to generate a new one.

@davideas mentioned it, thx ;)