So whilst symmetric key encryption is an option, Auth0 prefers to use asymmetric key encryption when generating JWT signatures. You can read more about this here. Asymmetric key encryption is much more manageable and reduces security risk as the private key is only ever generated, held and managed by Auth0.