The current spec says:
JWS algorithm considerations
Both clients and authorisation servers:
shall use PS256 or ES256 algorithms; should not use algorithms that use RSASSA-PKCS1-v1_5 (e.g. RS256); shall not use none;
I think it's an oversight that this says "JWS" at the start. I think It was intended to cover JWE too. Simplest fix is to tweak the section title to say "JWS/JWE considerations".