As EV charging infrastructure grows, user-friendly mobile apps and dashboards are essential. But how do you securely authenticate users in your app and link their actions to OCPP-connected chargers?

In this guide, we’ll show you how to build an app authentication system that works hand-in-hand with your OCPP central system (CSMS).

🧩 Architecture Overview

Components:

• Mobile App / Dashboard – Where users sign in and control charging
• Central System API (Flask) – REST API layer for users and admin actions
• OCPP WebSocket Server – Communicates with EVSEs via OCPP 1.6
• MongoDB – Stores users and charge point data

📊 Sequence Diagram: Start Charging via App

sequenceDiagram
    participant User as Mobile App
    participant API as Flask API Server
    participant CSMS as OCPP Central System
    participant EVSE as Charger (EVSE)

    User->>API: POST /api/login (username, password)
    API-->>User: JWT token + idTag

    User->>API: POST /api/start_charging (evse_id, connector_id, token)
    API->>CSMS: RemoteStartTransaction(idTag, connectorId)
    CSMS->>EVSE: RemoteStartTransaction.req
    EVSE-->>CSMS: RemoteStartTransaction.conf
    CSMS-->>API: status = Accepted
    API-->>User: {"status": "Accepted"}

This flow ensures only authenticated users can trigger OCPP commands like RemoteStartTransaction.

🔑 1. User Authentication via JWT

We use Flask-JWT-Extended to handle token-based auth.

Setup

Install:

pip install flask flask-jwt-extended pymongo werkzeug

Flask routes for signup and login:

@flask_app.route("/api/signup", methods=["POST"])
def signup():
    ...
    token = create_access_token(identity=user["username"])
    return jsonify(access_token=token, idTag=user["idTag"])

@flask_app.route("/api/login", methods=["POST"])
def login():
    ...
    token = create_access_token(identity=user["username"])
    return jsonify(access_token=token, idTag=user["idTag"])

⚡ 2. Secure OCPP Action (Remote Start)

@flask_app.route("/api/start_charging", methods=["POST"])
@jwt_required()
def start_charging():
    cp = connected_charge_points.get(evse_id)
    payload = call.RemoteStartTransactionPayload(id_tag=id_tag, connector_id=connector_id)
    future = asyncio.run_coroutine_threadsafe(cp.call(payload), main_loop)
    result = future.result(timeout=10)
    return jsonify({"status": result.status})

🧠 Best Practices

• Hash passwords with werkzeug.security
• Use JWTs and set expiration
• Use idTag consistently across auth + OCPP
• Restrict access by role (user/admin/root)
• Link idTag to vehicles or accounts

🔧 Tools Used

🚀 Going Further

• Add QR-based pairing: ocpp://CP001?connector=1
• Add firmware update + diagnostics features
• Build admin dashboard with user role control

Want the full source code or Postman test collection? Just ask!

Get in Touch with us

Send us an Email

Name *

Email *

Phone

Organization Name/ชื่อหน่วยงาน

Subject *

Services -- Select One -- Wordpress PHP / MySQL HTML5 / CSS3/ JQuery / Angular.js Node.js MongoDB Linux System Configuration/Tuning System Analysis/Design/Delopment/Implementation Graphic Design Online Ads Management SimpliLIB simpliCalCoupon IMCS SimpliExperience: VDO Presentation, Virtual Tour เก๋ๆ ดูดี พร้อมให้คำปรึกษา Social Media Marketing SimpliMedia: Online Digital Media Management System SimpliFactory: ชุดเทคโนโลยีสำหรับโรงงานอุตสาหกรรม

Message *

Send Message    Or    Tel: 0830010222, Line: iiitum1984

Email to Us

hello@simplico.net

Chat with Us on LINE

iiitum1984

Speak to Us or Whatsapp

(+66) 83001 0222

Related Posts

• Understanding Anti-Drone Systems: Architecture, Hardware, and Software
• RTOS vs Linux in Drone Systems: Modern Design, Security, and Rust for Next-Gen Drones
• Why Does Spring Use So Many Annotations? Java vs. Python Web Development Explained
• From Django to Spring Boot: A Practical, Visual Guide for Web Developers
• How to Build Large, Maintainable Python Systems with Clean Architecture: Concepts & Real-World Examples
• Why Test-Driven Development Makes Better Business Sense
• Continuous Delivery for Django on DigitalOcean with GitHub Actions & Docker
• Build a Local Product Recommendation System with LangChain, Ollama, and Open-Source Embeddings
• 2025 Guide: Comparing the Top Mobile App Frameworks (Flutter, React Native, Expo, Ionic, and More)
• Understanding `np.meshgrid()` in NumPy: Why It’s Needed and What Happens When You Swap It
• How to Use PyMeasure for Automated Instrument Control and Lab Experiments
• Supercharge Your Chatbot: Custom API Integration Services for Your Business
• How to Guess an Equation Without Math: Exploring Cat vs. Bird Populations
• How to Build an AI-Resistant Project: Ideas That Thrive on Human Interaction
• Build Your Own Cybersecurity Lab with GNS3 + Wazuh + Docker: Train, Detect, and Defend in One Platform
• How to Simulate and Train with Network Devices Using GNS3
• What Is an LMS? And Why You Should Pay Attention to Frappe LMS
• Agentic AI in Factories: Smarter, Faster, and More Autonomous Operations
• Smarter, Safer EV Fleets: Geo-Fencing and Real-Time Tracking for Electric Motorcycles
• How to Implement Google Single Sign-On (SSO) in FastAPI

Our Products

Simplify Gym Management with SimpliGym

SimpliShop, All-in-One E-Commerce Platform with AI-Driven Features

รับออกแบบและพัฒนา Responsive Website / Web application

สอนพัฒนา website ด้วย Wordpress 5

สอนเขียน Ionic Framework: Cross-Platform Mobile App Development

สอนเขียน Python / Django Web Framework

SimpliLearn ระบบเรียน online ที่มาพร้อมกับ AI

SimpliRun, แอปสำหรับ virtual run และขายของ online

Mobile application สำหรับธุรกิจกีฬาที่ครบวงจร

ระบบแนะนำสินค้าสำหรับขายของ Online

simpliRec , ระบบแนะนำหนังสือที่ชาญฉลาด

Integrated Measurement Communication System ( IMCS )

SimpliFactory ชุดเทคโนโลยีสำหรับโรงงานอุตสาหกรรม , Software/Hardware