How to Integrate App Authentication with an OCPP Central System
As EV charging infrastructure grows, user-friendly mobile apps and dashboards are essential. But how do you securely authenticate users in your app and link their actions to OCPP-connected chargers?
In this guide, we’ll show you how to build an app authentication system that works hand-in-hand with your OCPP central system (CSMS).
🧩 Architecture Overview
Components:
- Mobile App / Dashboard – Where users sign in and control charging
- Central System API (Flask) – REST API layer for users and admin actions
- OCPP WebSocket Server – Communicates with EVSEs via OCPP 1.6
- MongoDB – Stores users and charge point data
📊 Sequence Diagram: Start Charging via App
sequenceDiagram
participant User as Mobile App
participant API as Flask API Server
participant CSMS as OCPP Central System
participant EVSE as Charger (EVSE)
User->>API: POST /api/login (username, password)
API-->>User: JWT token + idTag
User->>API: POST /api/start_charging (evse_id, connector_id, token)
API->>CSMS: RemoteStartTransaction(idTag, connectorId)
CSMS->>EVSE: RemoteStartTransaction.req
EVSE-->>CSMS: RemoteStartTransaction.conf
CSMS-->>API: status = Accepted
API-->>User: {"status": "Accepted"}This flow ensures only authenticated users can trigger OCPP commands like RemoteStartTransaction.
🔑 1. User Authentication via JWT
We use Flask-JWT-Extended to handle token-based auth.
Setup
Install:
pip install flask flask-jwt-extended pymongo werkzeugFlask routes for signup and login:
@flask_app.route("/api/signup", methods=["POST"])
def signup():
...
token = create_access_token(identity=user["username"])
return jsonify(access_token=token, idTag=user["idTag"])
@flask_app.route("/api/login", methods=["POST"])
def login():
...
token = create_access_token(identity=user["username"])
return jsonify(access_token=token, idTag=user["idTag"])⚡ 2. Secure OCPP Action (Remote Start)
@flask_app.route("/api/start_charging", methods=["POST"])
@jwt_required()
def start_charging():
cp = connected_charge_points.get(evse_id)
payload = call.RemoteStartTransactionPayload(id_tag=id_tag, connector_id=connector_id)
future = asyncio.run_coroutine_threadsafe(cp.call(payload), main_loop)
result = future.result(timeout=10)
return jsonify({"status": result.status})🧠 Best Practices
- Hash passwords with
werkzeug.security - Use JWTs and set expiration
- Use
idTagconsistently across auth + OCPP - Restrict access by
role(user/admin/root) - Link
idTagto vehicles or accounts
🔧 Tools Used
| Tool | Purpose |
|---|---|
| Flask | REST API backend |
| Flask-JWT | Auth token generation |
| PyMongo | MongoDB access |
| asyncio | Concurrency + WebSocket calls |
| OCPP v1.6 | Communication with EVSEs |
🚀 Going Further
- Add QR-based pairing:
ocpp://CP001?connector=1 - Add firmware update + diagnostics features
- Build admin dashboard with user role control
Want the full source code or Postman test collection? Just ask!
Get in Touch with us
Chat with Us on LINE
iiitum1984
Related Posts
- 基于启发式与新闻情绪的短期价格方向评估(Python)
- Estimating Short-Term Price Direction with Heuristics and News Sentiment (Python)
- Rust vs Python:AI 与大型系统时代的编程语言选择
- Rust vs Python: Choosing the Right Tool in the AI & Systems Era
- How Software Technology Can Help Chanthaburi Farmers Regain Control of Fruit Prices
- AI 如何帮助发现金融机会
- How AI Helps Predict Financial Opportunities
- 在 React Native 与移动应用中使用 ONNX 模型的方法
- How to Use an ONNX Model in React Native (and Other Mobile App Frameworks)
- 叶片病害检测算法如何工作:从相机到决策
- How Leaf Disease Detection Algorithms Work: From Camera to Decision
- Smart Farming Lite:不依赖传感器的实用型数字农业
- Smart Farming Lite: Practical Digital Agriculture Without Sensors
- 为什么定制化MES更适合中国工厂
- Why Custom-Made MES Wins Where Ready-Made Systems Fail
- How to Build a Thailand-Specific Election Simulation
- When AI Replaces Search: How Content Creators Survive (and Win)
- 面向中国市场的再生资源金属价格预测(不投机、重决策)
- How to Predict Metal Prices for Recycling Businesses (Without Becoming a Trader)
- Smart Durian Farming with Minimum Cost (Thailand)
