HS256 (HMAC, shared secret) is fine for monolith services where the same code signs AND verifies. RS256 (asymmetric, public key verifies, private key signs) is required when multiple services verify tokens issued by a single auth service — only the auth service holds the signing key. For multi-service auth, RS256 avoids sharing secrets.
Single FastAPI service: HS256 with secret in env, simple and fast.
Multi-service (auth + API + UI): RS256, auth service signs with private key, others verify with public key.
JWT_ALG settings field makes migration a config swap, not a code rewrite.
Issuer (private key) -> sign -> JWT -> Verifier (public key) -> accept
Symmetric (HS256) if both are the same service; asymmetric (RS256) otherwise
HS256 for monolith, RS256 once a second service needs to verify.