OAuth applications are defined under organizations any user, even users not associated with the organization, can grant the OAuth application the permission to act on their behalf.

If a user grants permission to an OAuth application, there is currently no way for the user to revoke that permission.

The only option  is to delete the OAuth application, which is a rather drastic measure. Even more so, when a user would like to revoke the permission from an application that lives in an organization not associated with the user.

Another way is to delete the user that granted permissions to the OAuth application or remove the access to certain repositories for that user.

It would be great if a user would be able to revoke grants to OAuth applications (similarly to what github does for example).