How to Integrate App Authentication with an OCPP Central System
As EV charging infrastructure grows, user-friendly mobile apps and dashboards are essential. But how do you securely authenticate users in your app and link their actions to OCPP-connected chargers?
In this guide, we’ll show you how to build an app authentication system that works hand-in-hand with your OCPP central system (CSMS).
🧩 Architecture Overview
Components:
- Mobile App / Dashboard – Where users sign in and control charging
- Central System API (Flask) – REST API layer for users and admin actions
- OCPP WebSocket Server – Communicates with EVSEs via OCPP 1.6
- MongoDB – Stores users and charge point data
📊 Sequence Diagram: Start Charging via App
sequenceDiagram
participant User as Mobile App
participant API as Flask API Server
participant CSMS as OCPP Central System
participant EVSE as Charger (EVSE)
User->>API: POST /api/login (username, password)
API-->>User: JWT token + idTag
User->>API: POST /api/start_charging (evse_id, connector_id, token)
API->>CSMS: RemoteStartTransaction(idTag, connectorId)
CSMS->>EVSE: RemoteStartTransaction.req
EVSE-->>CSMS: RemoteStartTransaction.conf
CSMS-->>API: status = Accepted
API-->>User: {"status": "Accepted"}This flow ensures only authenticated users can trigger OCPP commands like RemoteStartTransaction.
🔑 1. User Authentication via JWT
We use Flask-JWT-Extended to handle token-based auth.
Setup
Install:
pip install flask flask-jwt-extended pymongo werkzeugFlask routes for signup and login:
@flask_app.route("/api/signup", methods=["POST"])
def signup():
...
token = create_access_token(identity=user["username"])
return jsonify(access_token=token, idTag=user["idTag"])
@flask_app.route("/api/login", methods=["POST"])
def login():
...
token = create_access_token(identity=user["username"])
return jsonify(access_token=token, idTag=user["idTag"])⚡ 2. Secure OCPP Action (Remote Start)
@flask_app.route("/api/start_charging", methods=["POST"])
@jwt_required()
def start_charging():
cp = connected_charge_points.get(evse_id)
payload = call.RemoteStartTransactionPayload(id_tag=id_tag, connector_id=connector_id)
future = asyncio.run_coroutine_threadsafe(cp.call(payload), main_loop)
result = future.result(timeout=10)
return jsonify({"status": result.status})🧠 Best Practices
- Hash passwords with
werkzeug.security - Use JWTs and set expiration
- Use
idTagconsistently across auth + OCPP - Restrict access by
role(user/admin/root) - Link
idTagto vehicles or accounts
🔧 Tools Used
| Tool | Purpose |
|---|---|
| Flask | REST API backend |
| Flask-JWT | Auth token generation |
| PyMongo | MongoDB access |
| asyncio | Concurrency + WebSocket calls |
| OCPP v1.6 | Communication with EVSEs |
🚀 Going Further
- Add QR-based pairing:
ocpp://CP001?connector=1 - Add firmware update + diagnostics features
- Build admin dashboard with user role control
Want the full source code or Postman test collection? Just ask!
Get in Touch with us
Chat with Us on LINE
iiitum1984
Related Posts
- AI赋能的软件开发 —— 为业务而生,而不仅仅是写代码
- AI-Powered Software Development — Built for Business, Not Just Code
- Agentic Commerce:自主化采购系统的未来(2026 年完整指南)
- Agentic Commerce: The Future of Autonomous Buying Systems (Complete 2026 Guide)
- 如何在现代 SOC 中构建 Automated Decision Logic(基于 Shuffle + SOC Integrator)
- How to Build Automated Decision Logic in a Modern SOC (Using Shuffle + SOC Integrator)
- 为什么我们选择设计 SOC Integrator,而不是直接进行 Tool-to-Tool 集成
- Why We Designed a SOC Integrator Instead of Direct Tool-to-Tool Connections
- 基于 OCPP 1.6 的 EV 充电平台构建 面向仪表盘、API 与真实充电桩的实战演示指南
- Building an OCPP 1.6 Charging Platform A Practical Demo Guide for API, Dashboard, and Real EV Stations
- 软件开发技能的演进(2026)
- Skill Evolution in Software Development (2026)
- Retro Tech Revival:从经典思想到可落地的产品创意
- Retro Tech Revival: From Nostalgia to Real Product Ideas
- SmartFarm Lite — 简单易用的离线农场记录应用
- OffGridOps — 面向真实现场的离线作业管理应用
- OffGridOps — Offline‑First Field Operations for the Real World
- SmartFarm Lite — Simple, Offline-First Farm Records in Your Pocket
- 基于启发式与新闻情绪的短期价格方向评估(Python)
- Estimating Short-Term Price Direction with Heuristics and News Sentiment (Python)
