refactoring/extend Authorization part 1 (remove legacy, check tenant vs domain)