I’m not sure what the done thing is, but one possible solution is to have multiple login information in your application, and have the application try them in turn until it is successful. So that if one log in fails (the old password), it’ll then try the new password. This would appear pretty seamless to the website user.
Once you’ve made the change, you can remove the old credentials from your application and it’ll just use the new one.