How to view/revoke consent for an app that no longer appears in myAppsPortal

As a tenant admin, I created an app in the "App registrations" section.

Then as a different unprivileged user, I consented and signed in to the app.

As the unprivileged user I view the permissions I've consented to and revoke them by going to https://myapplications.microsoft.com/

As the admin user, I can see which permissions the user has consented to in Enterprise Apps > myApp > permissions.

Then as the admin user, I removed the unprivileged user from the "Users and groups" section of the enterprise app.

As expected, the app is no longer visible for the unprivileged user when visiting the My apps portal. However, as the admin user, I can see the user's consent in the "permissions" section.

As the unprivileged user, how can I manage/view the apps for which I've consented if they don't appear in the My apps portal?

4 Replies
There is no way for an end-user to manage applications he doesn't have access to.
The admin needs to delete the app/permissions.

@Thijs Lecomte The user still has access to the application because the "User assignment required?" property is still set to "No".

The app no longer appears in the Apps portal but I can confirm that I am still able to retrieve tokens using the appropriate OAuth2 endpoints as described here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

I have also tested out the case that you brought up, where the user has granted consent, and then an admin un-assigns the user and sets "User assignment required" to "yes". The user can no longer access the application but the consent still exists in the "Permissions" tab, with no way for the user to revoke it.

In both cases, it doesn't seem like there is any way for the user to revoke consent for the application or to even know what permissions the application has (because they probably forgot what permissions they consented to in the first place).

Perhaps this is an edge case but unless I'm missing something this still seems like a privacy/security issue.

It's true there is no real way for a user to check applications.
The admin has to check these permissions for a user.

I agree with you that a user should be able to check what permissions an application has.

Agree: there's an issue here. I had given consent as a non-privileged user to an application, and it appeared under my https://myapplications.microsoft.com. I've revoked permissions, and deleted it in there. So far so good.
Then, still as a non-privileged user, I gave consent to the application again, but it does not show up in myapplications.microsoft.com any more. I can see the applications in the Azure portal linked to my non-privileged user, but I cannot change consent or remove the applications there.

After giving the permissions the second time, i.e. after deleting them in myapplications.microsoft.com, they should show up here again!
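
For the admin-side cleanup the replies describe, the following is an added example (not code from any poster in this thread) that finds per-user consent grants whose user is no longer assigned to the app and builds the Microsoft Graph calls that delete them. The sample records are constructed in the shape of Graph `oauth2PermissionGrant` and `appRoleAssignment` objects, and treating a missing assignment as "not visible in My Apps" is an assumption taken from the behaviour reported above.

```python
GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample data (placeholder IDs), shaped like Graph responses.
GRANTS = [  # from GET /oauth2PermissionGrants
    {"id": "grant-1", "clientId": "sp-myapp", "consentType": "Principal",
     "principalId": "user-alice", "resourceId": "sp-graph",
     "scope": "User.Read Mail.Read"},
    {"id": "grant-2", "clientId": "sp-myapp", "consentType": "Principal",
     "principalId": "user-bob", "resourceId": "sp-graph", "scope": "User.Read"},
    {"id": "grant-3", "clientId": "sp-other", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read"},
]
ASSIGNMENTS = [  # from GET /servicePrincipals/{id}/appRoleAssignedTo
    {"principalId": "user-bob", "resourceId": "sp-myapp"},
]


def orphaned_user_grants(grants, assignments):
    """Return user-consented grants whose user is not assigned to the client app.

    Admin consent (consentType 'AllPrincipals') is skipped: it is tenant-wide
    and is not something an individual user could have revoked anyway.
    """
    assigned = {(a["principalId"], a["resourceId"]) for a in assignments}
    return [g for g in grants
            if g["consentType"] == "Principal"
            and (g["principalId"], g["clientId"]) not in assigned]


def revocation_requests(orphans):
    """Build the Graph requests an admin would send to revoke each grant."""
    return [("DELETE", f"{GRAPH}/oauth2PermissionGrants/{g['id']}")
            for g in orphans]


def report(orphans):
    """One review line per grant: who consented, to which app, which scopes."""
    return [f"{g['principalId']} -> {g['clientId']}: "
            f"{', '.join(g['scope'].split())}" for g in orphans]


if __name__ == "__main__":
    found = orphaned_user_grants(GRANTS, ASSIGNMENTS)
    for line in report(found):
        print(line)
    for method, url in revocation_requests(found):
        print(method, url)
```

Reviewing the `report` output before sending the deletes matters here, because with "User assignment required?" set to "No" an unassigned user may still be actively using the app.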