As EV charging infrastructure grows, user-friendly mobile apps and dashboards are essential. But how do you securely authenticate users in your app and link their actions to OCPP-connected chargers?

In this guide, we’ll show you how to build an app authentication system that works hand-in-hand with your OCPP central system (CSMS).

🧩 Architecture Overview

Components:

• Mobile App / Dashboard – Where users sign in and control charging
• Central System API (Flask) – REST API layer for users and admin actions
• OCPP WebSocket Server – Communicates with EVSEs via OCPP 1.6
• MongoDB – Stores users and charge point data

📊 Sequence Diagram: Start Charging via App

sequenceDiagram
    participant User as Mobile App
    participant API as Flask API Server
    participant CSMS as OCPP Central System
    participant EVSE as Charger (EVSE)

    User->>API: POST /api/login (username, password)
    API-->>User: JWT token + idTag

    User->>API: POST /api/start_charging (evse_id, connector_id, token)
    API->>CSMS: RemoteStartTransaction(idTag, connectorId)
    CSMS->>EVSE: RemoteStartTransaction.req
    EVSE-->>CSMS: RemoteStartTransaction.conf
    CSMS-->>API: status = Accepted
    API-->>User: {"status": "Accepted"}

This flow ensures only authenticated users can trigger OCPP commands like RemoteStartTransaction.

🔑 1. User Authentication via JWT

We use Flask-JWT-Extended to handle token-based auth.

Setup

Install:

pip install flask flask-jwt-extended pymongo werkzeug

Flask routes for signup and login:

@flask_app.route("/api/signup", methods=["POST"])
def signup():
    ...
    token = create_access_token(identity=user["username"])
    return jsonify(access_token=token, idTag=user["idTag"])

@flask_app.route("/api/login", methods=["POST"])
def login():
    ...
    token = create_access_token(identity=user["username"])
    return jsonify(access_token=token, idTag=user["idTag"])

⚡ 2. Secure OCPP Action (Remote Start)

@flask_app.route("/api/start_charging", methods=["POST"])
@jwt_required()
def start_charging():
    cp = connected_charge_points.get(evse_id)
    payload = call.RemoteStartTransactionPayload(id_tag=id_tag, connector_id=connector_id)
    future = asyncio.run_coroutine_threadsafe(cp.call(payload), main_loop)
    result = future.result(timeout=10)
    return jsonify({"status": result.status})

🧠 Best Practices

• Hash passwords with werkzeug.security
• Use JWTs and set expiration
• Use idTag consistently across auth + OCPP
• Restrict access by role (user/admin/root)
• Link idTag to vehicles or accounts

🔧 Tools Used

🚀 Going Further

• Add QR-based pairing: ocpp://CP001?connector=1
• Add firmware update + diagnostics features
• Build admin dashboard with user role control

Want the full source code or Postman test collection? Just ask!

Get in Touch with us

Send us an Email

Name *

Email *

Phone

Organization Name/ชื่อหน่วยงาน

Subject *

Services -- Select One -- Wordpress PHP / MySQL HTML5 / CSS3/ JQuery / Angular.js Node.js MongoDB Linux System Configuration/Tuning System Analysis/Design/Delopment/Implementation Graphic Design Online Ads Management SimpliLIB simpliCalCoupon IMCS SimpliExperience: VDO Presentation, Virtual Tour เก๋ๆ ดูดี พร้อมให้คำปรึกษา Social Media Marketing SimpliMedia: Online Digital Media Management System SimpliFactory: ชุดเทคโนโลยีสำหรับโรงงานอุตสาหกรรม

Message *

Send Message    Or    Tel: 0830010222, Line: iiitum1984

Email to Us

hello@simplico.net

Chat with Us on LINE

iiitum1984

Speak to Us or Whatsapp

(+66) 83001 0222

Related Posts

• Connecting TAK and Wazuh for Real-Time Threat Awareness
• Scaling Wazuh for Multi-Site Network Security Monitoring
• Why ERP Projects Fail — and How to Avoid It
• How to Build Strong Communities with Technology
• How AI Can Make Open Zoos More Fun, Smart, and Educational
• How to Choose the Right Recycling Factory for Industrial Scrap
• Understanding Modern Database Technologies — and How to Choose the Right One
• The Future Is at the Edge — Understanding Edge & Distributed Computing in 2025
• NVIDIA and the Two Waves: From Crypto to AI — The Art of Riding a Bubble
• From Manual Checks to AI-Powered Avionics Maintenance
• Automated Certificate Generator from XLSX Templates
• Introducing SimpliPOS (COFF POS) — A Café-Focused POS System
• Building a Local-First Web App with Alpine.js — Fast, Private, and Serverless
• Carbon Footprint Calculator (Recycling) — Measuring CO₂ Savings in Recycling Operations
• Recycle Factory Tools: A Smarter Way to Track Scrap Operations
• Running Form Coach — Cadence Metronome, Tapper, Drills, Posture Checklist
• How to Build a Carbon Credit Calculator for Your Business
• Transform Your Room with SimRoom: AI-Powered Interior Design
• How to Be Smarter in the AI Era with Science, Math, Coding, and Business
• 🎮 How to Make Projects Fun: Using the Octalysis Framework

Our Products

Simplify Gym Management with SimpliGym

SimpliShop, All-in-One E-Commerce Platform with AI-Driven Features

รับออกแบบและพัฒนา Responsive Website / Web application

สอนพัฒนา website ด้วย Wordpress 5

สอนเขียน Ionic Framework: Cross-Platform Mobile App Development

สอนเขียน Python / Django Web Framework

SimpliLearn ระบบเรียน online ที่มาพร้อมกับ AI

SimpliRun, แอปสำหรับ virtual run และขายของ online

Mobile application สำหรับธุรกิจกีฬาที่ครบวงจร

ระบบแนะนำสินค้าสำหรับขายของ Online

simpliRec , ระบบแนะนำหนังสือที่ชาญฉลาด

Integrated Measurement Communication System ( IMCS )

SimpliFactory ชุดเทคโนโลยีสำหรับโรงงานอุตสาหกรรม , Software/Hardware