fix(jwk): return the first key when multiple keys found in key set

lepture · lepture · commit 0c3caafb7026 · 2025-08-29T23:12:24.000+09:00
authlib/authlib#785
diff --git a/src/joserfc/_keys.py b/src/joserfc/_keys.py
@@ -148,13 +148,9 @@ def get_by_kid(self, kid: str | None = None, parameters: KeyParameters | None =
         if parameters:
             keys = list(_filter_keys_by_parameters(keys, parameters))
 
-        if len(keys) == 1:
+        if keys:
             return keys[0]
-
-        elif len(keys) == 0:
-            raise InvalidKeyIdError(f"No key for kid: '{kid}'")
-        else:
-            raise InvalidKeyIdError(f"Multiple keys for kid: '{kid}'")
+        raise InvalidKeyIdError(f"No key for kid: '{kid}'")
 
     def pick_random_key(self, algorithm: str, parameters: KeyParameters | None = None) -> t.Optional[Key]:
         key_types = self.algorithm_keys.get(algorithm)
diff --git a/tests/jwk/test_key_methods.py b/tests/jwk/test_key_methods.py
@@ -153,13 +153,8 @@ def test_find_correct_key_with_use(self):
         jws.serialize_compact({"alg": "HS256", "kid": key2.kid}, "foo", key_set)
 
         key_set = KeySet([key1, key2, key2])
-        self.assertRaises(
-            InvalidKeyIdError,
-            jws.serialize_compact,
-            {"alg": "HS256", "kid": key2.kid},
-            "foo",
-            key_set,
-        )
+        # return the first found key
+        jws.serialize_compact({"alg": "HS256", "kid": key2.kid}, "foo", key_set)
 
     def test_find_correct_key_with_alg(self):
         key = OctKey.generate_key()
