I have a Web API that uses ASP.NET Identity. Users are authenticated using a bearer token and refresh token. I want to implement a feature where if a user changes their password or their current refresh token becomes invalid, they will be automatically logged out from all devices. How can I achieve this?