Ideas:

[A1985J09]

          Ideas:

add option to:

    joserfc.jwe.decrypt_json(...)

example:

   plaintext=joserfc.jwe.decrypt_json(msg, joserfc.jwk.KeySet([key1]), single_recipient = True)

Quickfix:

def _perform_decrypt(obj: EncryptionData, registry: JWERegistry) -> None:
    enc = registry.get_enc(obj.protected["enc"])

    iv = obj.bytes_segments["iv"]
    enc.check_iv(iv)

    tag = obj.bytes_segments["tag"]
    ciphertext = obj.bytes_segments["ciphertext"]

    cek_set = set()
    for recipient in obj.recipients:
        headers = recipient.headers()
        registry.check_header(headers, True)
        # Step 6, Determine the Key Management Mode employed by the algorithm
        # specified by the "alg" (algorithm) Header Parameter.
        alg = registry.get_alg(headers["alg"])
        **_try:_**
            cek = decrypt_recipient(alg, enc, recipient, tag)
            cek_set.add(cek)
        **_except:
            continue_**


def _attach_recipient_keys(
        recipients: t.List[Recipient[Key]],
        private_key: KeyFlexible,
        sender_key: t.Optional[t.Union[ECKey, OKPKey, KeySet]] = None) -> None:
    for recipient in recipients:
        **_try:_**
            key = guess_key(private_key, recipient)
            key.check_use("enc")
        _**except:
            continue**_

Originally posted by @aio-witc in https://github.com/authlib/joserfc/issues/16#issuecomment-1870699389

[lepture]

Fixed here: https://github.com/authlib/joserfc/commit/79d30da13610c0c88474545d4028c4f91c0dfab1