How to Integrate App Authentication with an OCPP Central System
As EV charging infrastructure grows, user-friendly mobile apps and dashboards are essential. But how do you securely authenticate users in your app and link their actions to OCPP-connected chargers?
In this guide, we’ll show you how to build an app authentication system that works hand-in-hand with your OCPP central system (CSMS).
🧩 Architecture Overview
Components:
- Mobile App / Dashboard – Where users sign in and control charging
- Central System API (Flask) – REST API layer for users and admin actions
- OCPP WebSocket Server – Communicates with EVSEs via OCPP 1.6
- MongoDB – Stores users and charge point data
📊 Sequence Diagram: Start Charging via App
sequenceDiagram
participant User as Mobile App
participant API as Flask API Server
participant CSMS as OCPP Central System
participant EVSE as Charger (EVSE)
User->>API: POST /api/login (username, password)
API-->>User: JWT token + idTag
User->>API: POST /api/start_charging (evse_id, connector_id, token)
API->>CSMS: RemoteStartTransaction(idTag, connectorId)
CSMS->>EVSE: RemoteStartTransaction.req
EVSE-->>CSMS: RemoteStartTransaction.conf
CSMS-->>API: status = Accepted
API-->>User: {"status": "Accepted"}This flow ensures only authenticated users can trigger OCPP commands like RemoteStartTransaction.
🔑 1. User Authentication via JWT
We use Flask-JWT-Extended to handle token-based auth.
Setup
Install:
pip install flask flask-jwt-extended pymongo werkzeugFlask routes for signup and login:
@flask_app.route("/api/signup", methods=["POST"])
def signup():
...
token = create_access_token(identity=user["username"])
return jsonify(access_token=token, idTag=user["idTag"])
@flask_app.route("/api/login", methods=["POST"])
def login():
...
token = create_access_token(identity=user["username"])
return jsonify(access_token=token, idTag=user["idTag"])⚡ 2. Secure OCPP Action (Remote Start)
@flask_app.route("/api/start_charging", methods=["POST"])
@jwt_required()
def start_charging():
cp = connected_charge_points.get(evse_id)
payload = call.RemoteStartTransactionPayload(id_tag=id_tag, connector_id=connector_id)
future = asyncio.run_coroutine_threadsafe(cp.call(payload), main_loop)
result = future.result(timeout=10)
return jsonify({"status": result.status})🧠 Best Practices
- Hash passwords with
werkzeug.security - Use JWTs and set expiration
- Use
idTagconsistently across auth + OCPP - Restrict access by
role(user/admin/root) - Link
idTagto vehicles or accounts
🔧 Tools Used
| Tool | Purpose |
|---|---|
| Flask | REST API backend |
| Flask-JWT | Auth token generation |
| PyMongo | MongoDB access |
| asyncio | Concurrency + WebSocket calls |
| OCPP v1.6 | Communication with EVSEs |
🚀 Going Further
- Add QR-based pairing:
ocpp://CP001?connector=1 - Add firmware update + diagnostics features
- Build admin dashboard with user role control
Want the full source code or Postman test collection? Just ask!
Get in Touch with us
Chat with Us on LINE
iiitum1984
Related Posts
- 她的世界
- Her World
- Temporal × 本地大模型 × Robot Framework 面向中国企业的可靠业务自动化架构实践
- Building Reliable Office Automation with Temporal, Local LLMs, and Robot Framework
- RPA + AI: 为什么没有“智能”的自动化一定失败, 而没有“治理”的智能同样不可落地
- RPA + AI: Why Automation Fails Without Intelligence — and Intelligence Fails Without Control
- Simulating Border Conflict and Proxy War
- 先解决“检索与访问”问题 重塑高校图书馆战略价值的最快路径
- Fix Discovery & Access First: The Fastest Way to Restore the University Library’s Strategic Value
- 我们正在开发一个连接工厂与再生资源企业的废料交易平台
- We’re Building a Better Way for Factories and Recyclers to Trade Scrap
- 如何使用 Python 开发 MES(制造执行系统) —— 面向中国制造企业的实用指南
- How to Develop a Manufacturing Execution System (MES) with Python
- MES、ERP 与 SCADA 的区别与边界 —— 制造业系统角色与连接关系详解
- MES vs ERP vs SCADA: Roles and Boundaries Explained
- 为什么学习软件开发如此“痛苦” ——以及真正有效的解决方法
- Why Learning Software Development Feels So Painful — and How to Fix It
- 企业最终会选择哪种 AI:GPT 风格,还是 Gemini 风格?
- What Enterprises Will Choose: GPT-Style AI or Gemini-Style AI?
- GPT-5.2 在哪些真实业务场景中明显优于 GPT-5.1
