Difference Between RS256 and HS256 JWT Signing Algorithms

Last Updated: Jul 26, 2024

Overview

This article describes the difference between RS256 and HS256 JWT signing algorithms.

Applies To

  • RS256
  • HS256

Solution

  • RS256 and HS256 are algorithms used for signing a JWT.
  • RS256 is an asymmetric algorithm, meaning it uses a public and private key pair.
  • HS256 is a symmetric algorithm, meaning it uses a shared secret.
  • Auth0 uses RS256 as the default signing algorithm in JWTs. We recommend using RS256 instead of HS256 for several reasons.

RS256 and HS256 are two algorithms used for signing a JSON Web Token (JWT). To help explain what that means and why it’s important, it’s helpful to understand what a JWT is.

A JWT is a “compact, URL-safe means of representing claims to be transferred between two parties” (RFC 7519). It’s a base64url-encoded token composed of three dot-separated parts: a header, a payload, and a signature. The header specifies the token type and the signing algorithm. The payload carries the data (the claims) being passed. The signature allows the consumer of the JWT to validate that the header and payload have not been tampered with.

Following the OpenID Connect protocol, Auth0 uses JWTs for ID Tokens which are used for passing the claims about a user to the application after authentication. The application needs to trust that the claims encoded in a JWT have not been altered in any way. This is why a JWT includes a signature.

The JWT signature allows its recipient to validate that it has not been manipulated. To generate a signature, the JWT issuer uses a signing algorithm. There are several algorithm options, but the most common are RS256 (RSA Signature with SHA-256) and HS256 (HMAC with SHA-256). The key difference between these two algorithms is that RS256 is asymmetric, and HS256 is symmetric.

RS256

RS256 is an asymmetric algorithm, which means that the issuer (for example, Auth0) has a private key that it uses to generate the signature. The JWT consumer (for example, the application) uses a public key to validate the signature. It is possible to retrieve the Auth0 tenant’s public keys from https://DOMAIN_NAME/.well-known/jwks.json.

HS256

HS256 is a symmetric algorithm, which means that instead of using a public/private key pair, it uses one shared secret to both sign and validate the token. When using HS256, both Auth0 and the application would use the same shared secret. This means that if the secret were to be found by a third party, they could generate a valid JWT for the application. In Auth0, the secret for the Access Token would be located in Dashboard > Applications > APIs > select API > Settings Tab > Token Settings > Signing Secret. For the ID Token, the secret used to sign the HS256 JWT is the client secret of the corresponding application.
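As an added example (not Auth0's code and not part of the original article), the following Go program implements both algorithms with only the standard library: `Sign` issues a token and `Verify` checks it, with the consumer pinning the algorithm it expects instead of trusting the token's header. It assumes the key type matches the algorithm (a `[]byte` secret for HS256, an RSA private key to sign and the matching public key to verify for RS256); the claim values and secret used with it are constructed for illustration.

```go
package main
import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"strings"
)
var b64 = base64.RawURLEncoding // JWT segments are base64url without padding
// Sign builds header.payload.signature; key is the shared []byte secret for HS256
// or the issuer's *rsa.PrivateKey for RS256 (the private key never leaves the issuer).
func Sign(alg string, claims map[string]any, key any) (string, error) {
	h, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	p, _ := json.Marshal(claims)
	in := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	sig, err := signature(alg, []byte(in), key)
	return in + "." + b64.EncodeToString(sig), err
}
func signature(alg string, in []byte, key any) ([]byte, error) {
	if alg == "HS256" {
		m := hmac.New(sha256.New, key.([]byte)) // same secret the consumer must hold
		m.Write(in)
		return m.Sum(nil), nil
	}
	d := sha256.Sum256(in)
	return rsa.SignPKCS1v15(rand.Reader, key.(*rsa.PrivateKey), crypto.SHA256, d[:])
}
// Verify accepts only tokens whose header alg equals the configured alg; key is the
// shared secret for HS256 or just the *rsa.PublicKey (e.g. from JWKS) for RS256.
func Verify(token, alg string, key any) bool {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return false
	}
	h, errH := b64.DecodeString(p[0])
	sig, errS := b64.DecodeString(p[2])
	var hdr struct{ Alg string `json:"alg"` }
	if errH != nil || errS != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != alg {
		return false
	}
	in := []byte(p[0] + "." + p[1])
	if alg == "HS256" {
		want, _ := signature(alg, in, key) // recompute with the shared secret
		return hmac.Equal(sig, want)       // constant-time comparison
	}
	d := sha256.Sum256(in)
	return rsa.VerifyPKCS1v15(key.(*rsa.PublicKey), crypto.SHA256, d[:], sig) == nil
}
```

The HS256 verifier needs the very secret that can mint tokens, while the RS256 verifier holds only the public key, which is the practical reason the article prefers RS256.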

Configuring signing algorithms in Auth0

As mentioned, the ID Token received by the application from Auth0 is a JWT. To select the signing algorithm used in the ID Token, go to the application’s advanced settings and select JsonWebToken Signature Algorithm. The default and recommended algorithm is RS256.
When registering an API within the Auth0 tenant, the application can use the API as the audience when requesting an Access Token. In this scenario, the Access Token received from Auth0 is also a JWT. Select the signing algorithm when registering the API.
