Kaladhar,
actually, we have received this question a few times in the last few weeks.
The solution would be to create an API in OTK that gets called whenever a user changes his password at the IDP.
I will write a blog post within the next few days to show how an API can be built that takes a username (and some other credentials) and revokes all OAuth token for that user.
Best regards!