Add audience handling in token request message context #47

Draft
Lashen1227 wants to merge 2 commits into wso2-extensions:main from Lashen1227:feat/pre-issue-access-token-action-token-exchange

@Lashen1227
Member

This pull request adds logic to handle and store the audience values from the JWT subject token in the token request message context. This ensures that audience values provided in the request are properly parsed and set for downstream processing.

Related PRs:


@wso2-engineering wso2-engineering bot left a comment


AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

  • The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. The purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
  • Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

  • Review all AI-generated comments for accuracy and relevance.
  • Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.
| Comment | Accepted (Y/N) | Reason |
| --- | --- | --- |
| Log Improvement Suggestion No: 1 | | |
| Log Improvement Suggestion No: 2 | | |


Copilot AI left a comment


Pull request overview

This pull request adds logic to parse and store audience values in the token request message context during token exchange operations. The implementation parses comma-separated audience values from the request parameter and sets them on the token message context for downstream processing.

Key changes:

  • Adds audience parsing and storage logic in the handleJWTSubjectToken method after audience validation
  • Splits comma-separated audience values and trims whitespace before storing them in the message context


Comment on lines +693 to +697
if (requestedAudience != null && !requestedAudience.isEmpty()) {
List<String> audienceList = Arrays.stream(requestedAudience.split(","))
.map(String::trim)
.collect(Collectors.toList());
tokReqMsgCtx.setAudiences(audienceList);
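Review bot: the guard on the first line, `!requestedAudience.isEmpty()`, lets a whitespace-only value through. `" ".split(",")` returns one element that trims to an empty string, so `setAudiences` is called with a list holding a single empty audience. Test for blank rather than empty, and call `setAudiences` only when the list is still non-empty after trimming and filtering.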

Copilot AI Dec 18, 2025


The PR description states "store the audience values from the JWT subject token", but the implementation stores the requestedAudience parameter from the HTTP request (line 134) rather than the audiences extracted from the JWT claims (line 666). If the intent is to store JWT audiences, the code should use the 'audiences' variable (claimsSet.getAudience()) instead of 'requestedAudience'. If the intent is to store the request parameter audience, the PR description should be updated to reflect this.

Copilot uses AI. Check for mistakes.
Comment on lines +693 to +698
if (requestedAudience != null && !requestedAudience.isEmpty()) {
List<String> audienceList = Arrays.stream(requestedAudience.split(","))
.map(String::trim)
.collect(Collectors.toList());
tokReqMsgCtx.setAudiences(audienceList);
}
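Review bot: `requestedAudience.split(",")` treats the comma as a delimiter inside a single `audience` value, so an audience identifier that itself contains a comma is stored as two separate audiences. RFC 8693 carries several audiences as repeated `audience` parameters rather than as one delimited string; if comma-separated input is the intended format here, state that in a comment on this block and cover it with a test.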

Copilot AI Dec 18, 2025


The new audience handling logic lacks test coverage. The test file TokenExchangeGrantHandlerTest.java has comprehensive tests for other functionality in this handler, but there are no tests verifying that tokReqMsgCtx.setAudiences() is called correctly with the parsed audience list. Consider adding tests to verify this new behavior, including edge cases like comma-separated audiences, audiences with whitespace, and the scenario where requestedAudience is null or empty.

// set the audiences in the token request message context
if (requestedAudience != null && !requestedAudience.isEmpty()) {
List<String> audienceList = Arrays.stream(requestedAudience.split(","))
.map(String::trim)
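Review bot: nothing after `.map(String::trim)` removes repeated values, so a request such as "aud1, aud1" stores the same audience twice in the message context. Add `.distinct()` before collecting unless duplicates are meaningful to downstream processing.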

Copilot AI Dec 18, 2025


The string splitting logic doesn't filter out empty strings after trimming. If the requestedAudience contains consecutive commas (e.g., "aud1,,aud2") or commas with only whitespace between them (e.g., "aud1, , aud2"), the resulting list will contain empty strings. This could lead to invalid audience values being set in the token request message context. Consider adding a filter to remove empty strings after trimming.

Suggested change
.map(String::trim)
.map(String::trim)
.filter(StringUtils::isNotEmpty)
