JSON Web Signature
JWS is the IETF standard for digitally signing or MACing content and representing the result in JSON-friendly, Base64url-encoded form. It is the signing layer beneath JWTs, so most OAuth and OpenID Connect tokens are actually JWS structures. Implementations must validate the algorithm header carefully; the "alg: none" bypass is a classic JWS vulnerability.