Figures out the authority based on the authority from the config and the authority from the request, and optionally the homeAccountTenantId, which has an impact on AcquireTokenSilent The algorithm is: 1. If there is no request authority (i.e. no authority override), use the config authority. 1.1. For AAD, if the config authority is "common" etc, try to use the tenanted version with the home account tenant ID 2. If there is a request authority, try to use it. 2.1. If the request authority is not "common", then use it 2.2 If the request authority is "common", ignore it, and use 1.1 Special cases: - if the authority is not defined at the application level and the request level is not AAD, use the request authority - if the authority is defined at app level, and the request level authority of is of different type, throw an exception