Update Authorization.md

wiki/Authorization.md

@@ -30,8 +30,8 @@
   - [Update an existing Service Account key](#update-an-existing-service-account-key)
   - [Replace all existing Service Account keys](#replace-all-existing-service-account-keys)
   - [Delete Service Account keys](#delete-service-account-keys)
-  - [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
   - [Display Service Account keys](#display-service-account-keys)
+  - [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
 - [Manage Service Account access](#manage-service-account-access)
   - [Full Service Account access](#full-service-account-access)
   - [Selective Service Account access](#selective-service-account-access)
@@ -783,7 +783,8 @@ The `oauth2service.json` file is updated with the new private key.
 
 This command requires that the current Service Account private key is valid, if you get the following error:
 ```
-ERROR: 401: authError - Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
 See https://developers.google.com/identity/sign-in/web/devconsole-project.
 ```
 see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
@@ -818,7 +819,8 @@ in the distributed copies has been revoked.
 
 This command requires that the current Service Account private key is valid, if you get the following error:
 ```
-ERROR: 401: authError - Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
 See https://developers.google.com/identity/sign-in/web/devconsole-project.
 ```
 see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
@@ -844,7 +846,8 @@ This command can be used if your Service Account keys have been compromised; all
 
 This command requires that the current Service Account private key is valid, if you get the following error:
 ```
-ERROR: 401: authError - Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
 See https://developers.google.com/identity/sign-in/web/devconsole-project.
 ```
 see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
@@ -867,7 +870,8 @@ that user's service account access.
 
 This command requires that the current Service Account private key is valid, if you get the following error:
 ```
-ERROR: 401: authError - Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
 See https://developers.google.com/identity/sign-in/web/devconsole-project.
 ```
 see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
@@ -878,19 +882,6 @@ or upload a new key with the `gam upload sakey` command.
 ```
 gam delete sakeys <ServiceAccountKeyList>+ [doit]
 ```
-## Upload a Service Account key to a service account without a valid private key
-There are two cases where you will use this command:
-* Your workspace is configured to disable service account private key uploads and you are creating a project.
-* All of your service account keys have been deleted, either manually or with the `gam delete sakeys` command.
-
-The `oauth2service.json` file is updated with the new private key. If you had previously distributed
-any `oauth2service.json` file to other users, you must redistribute the updated file with the new key.
-```
-gam upload sakey [admin <EmailAddress>]
-        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        (localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
-```
 ## Display Service Account keys
 There are system keys and user keys; user keys are what Gam uses; GCP uses system keys.
 
@@ -904,6 +895,19 @@ gam show sakeys [all|system|user]
 
 The private key currently being used in `oauth2service.json` will be marked as `usedToAuthenticateThisRequest: True`.
 
+## Upload a Service Account key to a service account without a valid private key
+There are two cases where you will use this command:
+* Your workspace is configured to disable service account private key uploads and you are creating a project.
+* All of your service account keys have been deleted, either manually or with the `gam delete sakeys` command.
+
+The `oauth2service.json` file is updated with the new private key. If you had previously distributed
+any `oauth2service.json` file to other users, you must redistribute the updated file with the new key.
+```
+gam upload sakey [admin <EmailAddress>]
+        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
+```
 ## Manage Service Account access
 
 ## Full Service Account access