backport of commit 7b4f640 (#26554)

Co-authored-by: JMGoldsmith <spartanaudio@gmail.com>

website/content/api-docs/auth/approle.mdx

@@ -85,6 +85,7 @@ include a-Z, 0-9, space, hyphen, underscore and periods.
 
 ```json
 {
+  "token_type": "batch",
   "token_ttl": "10m",
   "token_max_ttl": "15m",
   "token_policies": ["default"],

website/content/docs/auth/approle.mdx

@@ -12,7 +12,8 @@ The `approle` auth method allows machines or _apps_ to authenticate with
 Vault-defined _roles_. The open design of `AppRole` enables a varied set of
 workflows and configurations to handle large numbers of apps. This auth method
 is oriented to automated workflows (machines and services), and is less useful
-for human operators.
+for human operators. We recommend using `batch` tokens with the
+ `AppRole` auth method.
 
 An "AppRole" represents a set of Vault policies and login constraints that must
 be met to receive a token with those policies. The scope can be as narrow or
@@ -91,6 +92,7 @@ management tool.
 
    ```shell-session
    $ vault write auth/approle/role/my-role \
+       token_type=batch \
        secret_id_ttl=10m \
        token_num_uses=10 \
        token_ttl=20m \
@@ -138,7 +140,7 @@ documentation.
    $ curl \
        --header "X-Vault-Token: ..." \
        --request POST \
-       --data '{"policies": "dev-policy,test-policy"}' \
+       --data '{"policies": "dev-policy,test-policy", "token_type": "batch"}' \
        http://127.0.0.1:8200/v1/auth/approle/role/my-role
    ```
 

website/content/partials/tokenstorefields.mdx

@@ -19,4 +19,5 @@
   unless changed will be `service` tokens). For token store roles, there are two
   additional possibilities: `default-service` and `default-batch` which specify
   the type to return unless the client requests a different type at generation
-  time.
+  time. For machine based authentication cases, you should use `batch` 
+  type tokens.