A customer would initiate the terminate authorization process via the Data Custodian web portal. They would log into the DC portal using their credentials and the UI would provide the option to modify and / or terminate any authorizations they have granted to third party applications.
In 22.214.171.124 it says The request uses DELETE method to the "token" endpoint of the data custodian. Wjat is the URI for "token" endpoint? Is it the same endpoint where the token was requested from? Judging by name "j_oauth_resolve_access_code" it is not the same.