Yes, this is a limitation of the platform and the only solution is to enable third party access restrictions for your organization.
If you don't have access to do that, I'd suggest contacting an organization administrator. We have made the setting a default for new organizations, but there's no way for us to migrate organizations created before that feature without an administrator being involved.
As you can see once I've granted access, I can't revoke authorization on an organization level.
From your account settings, you can select Authorized Applications and then choose the GitHub Classroom application from the list. On that page you will see a list of all the organizations the application has access to and you can revoke access to any organization that has third party access restrictions enabled.