HS256 is a symmetric algorithm, meaning there is one secret key shared between the identity provider and the recipient of the token. The same key is used to both create the signature and to validate it. This key must be kept secret at all times.
If you are developing the app that is receiving the tokens, then you should use HS256. It is more secure, faster, and the token is smaller.
RS256 is an asymmetric algorithm, meaning it uses a public/private key pair. Identity Framework uses the private key for signing and provides you the public key to use to validate the signature.
If you don’t have control over the app/client receiving the tokens, then RS256 is a good choice. The key can be used in a browser or mobile app, doesn’t have to be secure, and can be shared without compromising security.
I still recommend using a symmetric algorithm any time it’s possible since it produces smaller tokens and signs faster. Accordingly, HS256 remains the default, but now you have an alternative for when HS256 isn’t right for you.
Symmetric vs. Asymmetric Systems. There are two basic types of encryption: symmetric algorithms: (also called “secret key”) use the same key for both encryption and decryption; asymmetric algorithms: (also called “public key”) use different keys for encryption and decryption.