
Commit 43f4390

Update token revocation docs (#60372)
1 parent 2154e14 commit 43f4390

File tree

2 files changed

+26
-10
lines changed


content/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md

Lines changed: 11 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -17,7 +17,7 @@ When a token has expired or has been revoked, it can no longer be used to authen
1717
This article explains the possible reasons your {% data variables.product.github %} token might be revoked or expire.
1818

1919
> [!NOTE]
20-
> When a {% data variables.product.pat_generic %} or OAuth token expires or is revoked, you may see an `oauth_authorization.destroy` action in your security log. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log).
20+
> When a {% data variables.product.pat_generic %}, {% data variables.product.prodname_oauth_app %} token, or {% data variables.product.prodname_github_app %} token expires or is revoked, you may see an `oauth_authorization.destroy` action in your security log. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log).
2121
2222
## Token revoked after reaching its expiration date
2323

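Review bot: the expanded NOTE at line 20 says "{% data variables.product.prodname_github_app %} token" without saying which kind, while the second hunk in this same file distinguishes user-to-server tokens (`ghu_`) from refresh tokens (`ghr_`). Stating here which of those produce the `oauth_authorization.destroy` event would keep the two passages consistent and tell a reader reviewing the security log exactly what to expect.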
@@ -48,9 +48,17 @@ Once an authorization is revoked, any tokens associated with the authorization w
4848

4949
## Token revoked by a third party
5050

51-
To prevent unauthorized access using exposed tokens, {% data variables.product.github %} recommends token revocation to ensure that a token can no longer be used to authenticate to {% data variables.product.github %}. If you find another user's {% data variables.product.pat_generic %} leaked on {% data variables.product.github %} or elsewhere, you can submit a revocation request through the REST API. See [AUTOTITLE](/rest/credentials/revoke#revoke-a-list-of-credentials).
51+
To prevent unauthorized access using exposed tokens, {% data variables.product.github %} recommends token revocation to ensure that a token can no longer be used to authenticate to {% data variables.product.github %}. The credential revocation API supports revoking the following token types:
5252

53-
If a valid {% data variables.product.pat_generic %} is submitted to {% data variables.product.github %}'s credential revocation API, the token will be automatically revoked. This API allows a third party to revoke a token they do not own and helps protect the data associated with this token from unauthorized access, limiting the impact of exposed tokens.
53+
* {% data variables.product.pat_v1_caps_plural %} with the `ghp_` prefix
54+
* {% data variables.product.pat_v2_caps_plural %} with the `github_pat_` prefix
55+
* {% data variables.product.prodname_oauth_app %} tokens with the `gho_` prefix
56+
* {% data variables.product.prodname_github_app %} user-to-server tokens with the `ghu_` prefix
57+
* {% data variables.product.prodname_github_app %} refresh tokens with the `ghr_` prefix
58+
59+
If you find any of these tokens leaked on {% data variables.product.github %} or elsewhere, you can submit a revocation request through the REST API. See [AUTOTITLE](/rest/credentials/revoke#revoke-a-list-of-credentials) for the complete and authoritative list of supported token types.
60+
61+
When a valid token is submitted to {% data variables.product.github %}'s credential revocation API, the token will be automatically revoked. This API allows a third party to revoke a token they do not own and helps protect the data associated with this token from unauthorized access, limiting the impact of exposed tokens.
5462

5563
To encourage reports and ensure that exposed tokens can be quickly and easily revoked, we do not require authentication for the revocation requests submitted through the API. As a result, {% data variables.product.github %} is unable to provide further information about the source of the reported token.
5664

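Review bot: the new paragraph at line 61 ("When a valid token is submitted ... the token will be automatically revoked") does not say what happens to related tokens, yet the list above now includes both {% data variables.product.prodname_github_app %} user-to-server tokens and refresh tokens; a reader who finds one leaked `ghr_` token will want to know whether the paired access token is revoked as well or whether both must be submitted, and one sentence either way would close that gap. Also, line 51 announces "the following token types" while line 59 defers to the REST docs for the "complete and authoritative list"; phrasing line 51 as "supports revoking token types including:" would stop the two lines from reading as a contradiction.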
content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md

Lines changed: 15 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -75,11 +75,11 @@ There are two forms of {% data variables.product.prodname_secret_scanning %} ava
7575
* {% data variables.secret-scanning.user_alerts_caps %}: To get additional scanning capabilities for your organization, you need to enable {% data variables.secret-scanning.user_alerts %}.
7676

7777
When enabled, {% data variables.secret-scanning.user_alerts %} can be detected on the following types of repository:{% ifversion fpt %}
78-
* Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %}
79-
* Public repositories owned by organizations
80-
* Private and internal repositories owned by organizations using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}, with a license for {% data variables.product.prodname_GH_code_security %}{% elsif ghec %}
81-
* Public repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %}
82-
* Private and internal repositories when you have a license for {% data variables.product.prodname_GH_code_security %}{% endif %}
78+
* Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %}
79+
* Public repositories owned by organizations
80+
* Private and internal repositories owned by organizations using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}, with a license for {% data variables.product.prodname_GH_code_security %}{% elsif ghec %}
81+
* Public repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %}
82+
* Private and internal repositories when you have a license for {% data variables.product.prodname_GH_code_security %}{% endif %}
8383
{% endif %}
8484

8585
{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
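Review bot: lines 78-82 show no visible difference between the removed and added lines, so this looks like a whitespace-only change, most likely the indentation of the list. Because the list follows line 77 ("... on the following types of repository:{% ifversion fpt %}") directly after the bullet at line 75, dedenting it changes whether it renders nested under that bullet or as a top-level list; confirm the intended nesting renders correctly in both the `fpt` and `ghec` branches, and say in the commit message that the change is whitespace so it is not mistaken for a no-op.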
@@ -119,9 +119,17 @@ counter notice form and alert GitHub Support. For more information, see [DMCA co
119119

120120
### Revoke exposed tokens
121121

122-
If a {% data variables.product.pat_generic_plural %} has been exposed in a {% data variables.product.github %} repository, {% data variables.product.github %} {% data variables.product.prodname_secret_scanning %} can be used to report and revoke the token. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts#reporting-a-leaked-secret).
122+
If credentials have been exposed in a {% data variables.product.github %} repository, {% data variables.product.github %} {% data variables.product.prodname_secret_scanning %} can be used to report and revoke the credentials. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts#reporting-a-leaked-secret).
123123

124-
You can also revoke {% data variables.product.pat_generic_plural %} that you do not own and have been exposed outside of {% data variables.product.github %} repositories. By doing this, you are contributing to the overall security of the {% data variables.product.github %} community and can quickly limit the impact of these tokens. If you find exposed {% data variables.product.pat_generic_plural %} either on {% data variables.product.github %} or elsewhere, you can submit a revocation request using the REST API. See [AUTOTITLE](/rest/credentials/revoke#revoke-a-list-of-credentials).
124+
You can also revoke exposed credentials that you do not own and have been exposed outside of {% data variables.product.github %} repositories. By doing this, you are contributing to the overall security of the {% data variables.product.github %} community and can quickly limit the impact of these credentials. The API supports revoking:
125+
126+
* {% data variables.product.pat_v1_caps_plural %} with the `ghp_` prefix
127+
* {% data variables.product.pat_v2_caps_plural %} with the `github_pat_` prefix
128+
* {% data variables.product.prodname_oauth_app %} tokens with the `gho_` prefix
129+
* {% data variables.product.prodname_github_app %} user-to-server tokens with the `ghu_` prefix
130+
* {% data variables.product.prodname_github_app %} refresh tokens with the `ghr_` prefix
131+
132+
If you find any exposed tokens either on {% data variables.product.github %} or elsewhere, you can submit a revocation request using the REST API. See [AUTOTITLE](/rest/credentials/revoke#revoke-a-list-of-credentials) for the complete and authoritative list of supported credential types.
125133

126134
{% endif %}
127135

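Review bot: line 124 reads "revoke exposed credentials that you do not own and have been exposed outside of ...", which is both redundant ("exposed ... have been exposed") and grammatically off, since the relative clause attaches "have been exposed" to "you"; suggest "You can also revoke credentials that you do not own and that have been exposed outside of {% data variables.product.github %} repositories." Two smaller points: "The API supports revoking:" at the end of line 124 refers to an API the paragraph has not yet introduced (the REST link only appears at line 132), so "The credential revocation REST API supports revoking:" would read better, and line 132 switches back from "credentials" to "tokens" after the preceding lines were deliberately changed to "credentials". Finally, the five-item list at lines 126-130 duplicates the list added to token-expiration-and-revocation.md in this same commit; that is the kind of content that belongs in a reusable so the two pages cannot drift apart.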