As always, if you used the auto-installer, just run the update command:
curl -sSL update.ticke.tz | sudo bash
WhatsApp Web has started requiring stronger authentication for some users. This authentication uses the passkeys configured in the WhatsApp mobile app, which in turn must be accessed from the browser using the WebAuthn feature.
The way this process was designed prevents any server-side bypass, because it depends on the user being signed in to Google Chrome with the same account used to create the key on the device.
The workaround we found is to connect to WhatsApp Web normally in the browser, going through the new authentication mechanism. Once connected, the established session is captured and transferred to the server. A Google Chrome extension is used to perform this task.
For security reasons, each administrator must generate an extension for each server, so the extension is already configured to handle only the specific sites of that installation.
In the settings screen under the "Server Administration" section, a button has been added to generate the extension.
Once the extension is generated, the server will automatically offer to install it for users when needed.
When trying to connect via QR Code on a WhatsApp that requires the new authentication, the system will automatically display a button to download the extension along with installation instructions:
chrome://extensions/.dist folder.After completing all the steps, return to the connections screen and click the icon to proceed with session capture.
If there is already an active WhatsApp Web session on the computer, the system will offer options to capture it or restart to connect with another number.
Tests were performed using Android and Google Chrome signed in with the same Google account used to store the key.
It is still possible to use the phone key directly via Bluetooth, which is likely the method for iPhone users. However, we were unable to test this configuration.