We are facing the same issue as raise by the OP.
Has there been an update to the endpoints/interfaces to allow applications that only need meeting
related endpoints to be able to determine which account a deauthorization event notification refers to?
If not, does this mean the deauthorization event handling is not required for compliance?
Are there any plans to include the account_id along with the payload that returns the refresh token during the oAuth process? Doing so would allow us to store the account_id along with the credentials which would enable us to lookup the account referenced in a future deauthorization notification.