The 6.5.3 version is kinda old. There was a user token fix in v 6.7.2.
Please update to the latest version (7.0.0) to achieve all new features and bug fixes.
For now (v 7.0.0) token validation works as expected.
The correct behaviour for two devices is:
- login user on the
device1anddevice2 - call the
isValidUserTokenmethod - it should returntrueon both devices - restore password on the
device2 - call the
isValidUserTokenmethod - it should returnfalseon both devices
After step 4 both devices will ask you to relogin because token is expired after the password restoration.