Thanks for the question. My rule of thumb is this one. If the app needs to share keys, you have to use asymmetric.
You should never be allowed to share a symmetric key, regardless of the number of users, since the symmetric key is private.
Once one has the symmetric key, they can use it to sign tokens. Using asymmetric key pairs gives you the advantage of only sharing
the public key to those who only need to check the signature.