As EV charging infrastructure grows, user-friendly mobile apps and dashboards are essential. But how do you securely authenticate users in your app and link their actions to OCPP-connected chargers?

In this guide, we’ll show you how to build an app authentication system that works hand-in-hand with your OCPP central system (CSMS).

🧩 Architecture Overview

Components:

• Mobile App / Dashboard – Where users sign in and control charging
• Central System API (Flask) – REST API layer for users and admin actions
• OCPP WebSocket Server – Communicates with EVSEs via OCPP 1.6
• MongoDB – Stores users and charge point data

📊 Sequence Diagram: Start Charging via App

sequenceDiagram
    participant User as Mobile App
    participant API as Flask API Server
    participant CSMS as OCPP Central System
    participant EVSE as Charger (EVSE)

    User->>API: POST /api/login (username, password)
    API-->>User: JWT token + idTag

    User->>API: POST /api/start_charging (evse_id, connector_id, token)
    API->>CSMS: RemoteStartTransaction(idTag, connectorId)
    CSMS->>EVSE: RemoteStartTransaction.req
    EVSE-->>CSMS: RemoteStartTransaction.conf
    CSMS-->>API: status = Accepted
    API-->>User: {"status": "Accepted"}

This flow ensures only authenticated users can trigger OCPP commands like RemoteStartTransaction.

🔑 1. User Authentication via JWT

We use Flask-JWT-Extended to handle token-based auth.

Setup

Install:

pip install flask flask-jwt-extended pymongo werkzeug

Flask routes for signup and login:

@flask_app.route("/api/signup", methods=["POST"])
def signup():
    ...
    token = create_access_token(identity=user["username"])
    return jsonify(access_token=token, idTag=user["idTag"])

@flask_app.route("/api/login", methods=["POST"])
def login():
    ...
    token = create_access_token(identity=user["username"])
    return jsonify(access_token=token, idTag=user["idTag"])

⚡ 2. Secure OCPP Action (Remote Start)

@flask_app.route("/api/start_charging", methods=["POST"])
@jwt_required()
def start_charging():
    cp = connected_charge_points.get(evse_id)
    payload = call.RemoteStartTransactionPayload(id_tag=id_tag, connector_id=connector_id)
    future = asyncio.run_coroutine_threadsafe(cp.call(payload), main_loop)
    result = future.result(timeout=10)
    return jsonify({"status": result.status})

🧠 Best Practices

• Hash passwords with werkzeug.security
• Use JWTs and set expiration
• Use idTag consistently across auth + OCPP
• Restrict access by role (user/admin/root)
• Link idTag to vehicles or accounts

🔧 Tools Used

🚀 Going Further

• Add QR-based pairing: ocpp://CP001?connector=1
• Add firmware update + diagnostics features
• Build admin dashboard with user role control

Want the full source code or Postman test collection? Just ask!

Get in Touch with us

Send us an Email

Name *

Email *

Phone

Organization Name/ชื่อหน่วยงาน

Subject *

Services -- Select One -- Wordpress PHP / MySQL HTML5 / CSS3/ JQuery / Angular.js Node.js MongoDB Linux System Configuration/Tuning System Analysis/Design/Delopment/Implementation Graphic Design Online Ads Management SimpliLIB simpliCalCoupon IMCS SimpliExperience: VDO Presentation, Virtual Tour เก๋ๆ ดูดี พร้อมให้คำปรึกษา Social Media Marketing SimpliMedia: Online Digital Media Management System SimpliFactory: ชุดเทคโนโลยีสำหรับโรงงานอุตสาหกรรม

Message *

Send Message    Or    Tel: 0830010222, Line: iiitum1984

Email to Us

hello@simplico.net

Chat with Us on LINE

iiitum1984

Speak to Us or Whatsapp

(+66) 83001 0222

Related Posts

• 为制造工厂构建实时OEE追踪系统
• Building a Real-Time OEE Tracking System for Manufacturing Plants
• The $1M Enterprise Software Myth: How Open‑Source + AI Are Replacing Expensive Corporate Platforms
• 电商数据缓存实战：如何避免展示过期价格与库存
• How to Cache Ecommerce Data Without Serving Stale Prices or Stock
• AI驱动的遗留系统现代化：将机器智能集成到ERP、SCADA和本地化部署系统中
• AI-Driven Legacy Modernization: Integrating Machine Intelligence into ERP, SCADA, and On-Premise Systems
• The Price of Intelligence: What AI Really Costs
• 为什么你的 RAG 应用在生产环境中会失败（以及如何修复）
• Why Your RAG App Fails in Production (And How to Fix It)
• AI 时代的 AI-Assisted Programming：从《The Elements of Style》看如何写出更高质量的代码
• AI-Assisted Programming in the Age of AI: What *The Elements of Style* Teaches About Writing Better Code with Copilots
• AI取代人类的迷思：为什么2026年的企业仍然需要工程师与真正的软件系统
• The AI Replacement Myth: Why Enterprises Still Need Human Engineers and Real Software in 2026
• NSM vs AV vs IPS vs IDS vs EDR：你的企业安全体系还缺少什么？
• NSM vs AV vs IPS vs IDS vs EDR: What Your Security Architecture Is Probably Missing
• AI驱动的 Network Security Monitoring（NSM）
• AI-Powered Network Security Monitoring (NSM)
• 使用开源 + AI 构建企业级系统
• How to Build an Enterprise System Using Open-Source + AI

Our Products

Simplify Gym Management with SimpliGym

SimpliShop, All-in-One E-Commerce Platform with AI-Driven Features

รับออกแบบและพัฒนา Responsive Website / Web application

สอนพัฒนา website ด้วย Wordpress 5

สอนเขียน Ionic Framework: Cross-Platform Mobile App Development

สอนเขียน Python / Django Web Framework

SimpliLearn ระบบเรียน online ที่มาพร้อมกับ AI

SimpliRun, แอปสำหรับ virtual run และขายของ online

Mobile application สำหรับธุรกิจกีฬาที่ครบวงจร

ระบบแนะนำสินค้าสำหรับขายของ Online

simpliRec , ระบบแนะนำหนังสือที่ชาญฉลาด

Integrated Measurement Communication System ( IMCS )

SimpliFactory ชุดเทคโนโลยีสำหรับโรงงานอุตสาหกรรม , Software/Hardware