Thanks for reaching out about this—as it turns out, in order to get the de-authorization webhook event to fire, you’ll need to ensure you’re testing with the production version of the app (you can find the install link for this under ‘Publishable URL’ on the Submit page of your app in the marketplace.