The algorithm used to sign tokens issued for your application or API. The signature is used to verify that the sender of the token is who it says it is and to ensure that the message wasn't changed along the way.
You can select from the following signing algorithms:
RS256 (RSA Signature with SHA-256): An asymmetric algorithm, which means that there are two keys: one public and one private (secret). Auth0 has the private key used to generate the signature, and the consumer of the JWT retrieves a public key to validate the signature from the metadata endpoints provided by Auth0.
HS256 (HMAC with SHA-256): A symmetric algorithm, which means that there is only one private (secret) key, and it is shared between the two parties. Since the same key is used both to generate the signature and to validate it, care must be taken to ensure that the key is not compromised.
The most secure practice, and our recommendation, is to use RS256. Some of the reasons are:
With RS256 you are sure that only the holder of the private key (Auth0) can sign tokens, while anyone can check if the token is valid using the public key.
With RS256, you can request a token that is valid for multiple audiences.
With RS256, if the secret key is compromised, you can implement key rotation without having to re-deploy the API with the new secret (which you would have to do under HS256).
For a more detailed overview of the JWT signing algorithms, see our blog post: JSON Web Token (JWT) Signing Algorithms Overview.