diff --git a/api/client-server/registration.yaml b/api/client-server/registration.yaml
index 8114299ea67..50ce4a96d16 100644
--- a/api/client-server/registration.yaml
+++ b/api/client-server/registration.yaml
@@ -328,8 +328,8 @@ paths:
 
         The homeserver may change the flows available depending on whether a
         valid access token is provided. The homeserver SHOULD NOT revoke the
-        access token provided in the request, however all other access tokens
-        for the user should be revoked if the request succeeds.
+        access token provided in the request. Whether other access tokens for
+        the user are revoked depends on the request parameters.
       security:
         - accessToken: []
       operationId: changePassword
@@ -343,6 +343,12 @@ paths:
                 type: string
                 description: The new password for the account.
                 example: "ihatebananas"
+              logout_devices:
+                type: boolean
+                description: |-
+                  Whether the other access tokens, and their associated devices, for the user should be 
+                  revoked if the request succeeds. Defaults to true.
+                example: true
               auth:
                 description: |-
                   Additional authentication information for the user-interactive authentication API.
diff --git a/changelogs/client_server/newsfragments/2523.feature b/changelogs/client_server/newsfragments/2523.feature
new file mode 100644
index 00000000000..e45d1c2fd60
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2523.feature
@@ -0,0 +1 @@
+Optionally invalidate other access tokens during password modification per `MSC2457 <https://github.com/matrix-org/matrix-doc/pull/2457>`_.