Tags: azure-active-directory, microsoft-graph-api, azure-ad-graph-api, microsoft-graph-sdks

How to get all role assignments for a target application using Microsoft Graph?


I am using App Registrations with App Roles that can be then assigned to client applications.

I can use the following to get all roles assigned to a given client application:

// Lists the app roles granted *to* this client. The indexer takes the client
// service principal's object id (a string), not the application (client) id.
var graphClient = new GraphServiceClient(new DefaultAzureCredential());
var assignments = graphClient.ServicePrincipals["<client-application-id>"].AppRoleAssignments.GetAsync().Result;

Is there a way to instead get all role assignments for a given target application other than iterating over all the service principals and filtering their role assignments by the target resource?


Solution

  • You should be able to use the appRoleAssignedTo relation from the resource service principal: https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignedto?view=graph-rest-1.0&tabs=csharp.

    Retrieve a list of appRoleAssignment that users, groups, or client service principals have been granted for the given resource service principal.

    For example, if the resource service principal is the service principal for the Microsoft Graph API, this will return all service principals that have been granted any app-only permissions to Microsoft Graph.

    Sample from docs:

    // Code snippets are only available for the latest version. Current version is 5.x
    
    // To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
    var result = await graphClient.ServicePrincipals["{servicePrincipal-id}"].AppRoleAssignedTo.GetAsync();
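    The snippet above returns only the first page of assignments and leaves the appRoleId values unresolved. The following is an added example (not code from the question, the answer, or the Graph SDK docs) that turns the appRoleAssignedTo call into a small audit: it looks up the resource service principal from the application (client) id that most people actually have at hand, pages through every assignment, maps each appRoleId back to the role's value from the resource's AppRoles manifest, and flags roles on a caller-supplied watchlist. It assumes Microsoft.Graph 5.x with Azure.Identity, a caller holding a read permission that covers appRoleAssignedTo (for example Application.Read.All), and the resourceAppId and watchlist values are placeholders to replace.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;

// Added example, not part of the original question or answer.
public static class AppRoleAudit
{
    // ServicePrincipals[...] is keyed by the service principal *object* id, so
    // first resolve it from the application (client) id via a $filter on appId.
    public static async Task<ServicePrincipal> GetResourceServicePrincipalAsync(
        GraphServiceClient graphClient, string resourceAppId)
    {
        var page = await graphClient.ServicePrincipals.GetAsync(rc =>
        {
            rc.QueryParameters.Filter = $"appId eq '{resourceAppId}'";
            rc.QueryParameters.Select = new[] { "id", "displayName", "appId", "appRoles" };
        });
        var sp = page?.Value?.FirstOrDefault();
        return sp ?? throw new InvalidOperationException(
            $"No service principal found for appId {resourceAppId}");
    }

    // Collect every assignment granted *on* the resource (appRoleAssignedTo),
    // following @odata.nextLink so large tenants are not silently truncated.
    public static async Task<List<AppRoleAssignment>> GetAllAssignmentsAsync(
        GraphServiceClient graphClient, string resourceSpObjectId)
    {
        var all = new List<AppRoleAssignment>();
        var firstPage = await graphClient.ServicePrincipals[resourceSpObjectId]
            .AppRoleAssignedTo.GetAsync();
        if (firstPage == null) return all;

        var iterator = PageIterator<AppRoleAssignment, AppRoleAssignmentCollectionResponse>
            .CreatePageIterator(graphClient, firstPage, a => { all.Add(a); return true; });
        await iterator.IterateAsync();
        return all;
    }

    // Map each assignment to the role's "value" from the resource's AppRoles
    // manifest so the report reads as role names rather than GUIDs.
    public static IEnumerable<string> BuildReport(
        ServicePrincipal resource, IEnumerable<AppRoleAssignment> assignments,
        ISet<string> watchlist)
    {
        var rolesById = (resource.AppRoles ?? new List<AppRole>())
            .Where(r => r.Id.HasValue)
            .ToDictionary(r => r.Id!.Value, r => r.Value ?? r.DisplayName ?? r.Id.ToString());

        foreach (var a in assignments.OrderBy(a => a.PrincipalDisplayName))
        {
            // A role deleted from the manifest can still have live assignments;
            // surface those instead of dropping them.
            var role = a.AppRoleId.HasValue && rolesById.TryGetValue(a.AppRoleId.Value, out var v)
                ? v
                : $"(unknown role {a.AppRoleId})";
            var flag = watchlist.Contains(role) ? " [REVIEW]" : "";
            yield return $"{a.PrincipalType,-16} {a.PrincipalDisplayName} ({a.PrincipalId}) -> {role}{flag}  granted {a.CreatedDateTime:u}";
        }
    }

    public static async Task Main()
    {
        var graphClient = new GraphServiceClient(new DefaultAzureCredential());
        // Placeholder: the application (client) id of the API whose roles you are auditing.
        const string resourceAppId = "00000000-0000-0000-0000-000000000000";

        var resource = await GetResourceServicePrincipalAsync(graphClient, resourceAppId);
        var assignments = await GetAllAssignmentsAsync(graphClient, resource.Id!);

        // Placeholder watchlist: role values you consider high-impact in your own API.
        var watchlist = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "ExampleRole.ReadWrite.All"
        };

        Console.WriteLine($"App role assignments on {resource.DisplayName} ({assignments.Count} total):");
        foreach (var line in BuildReport(resource, assignments, watchlist))
            Console.WriteLine(line);
    }
}
```

    The output lists users, groups and client service principals together, since appRoleAssignedTo returns all three principal types; filtering on PrincipalType == "ServicePrincipal" gives just the client applications the question asks about. Running this periodically, or diffing its output against a known baseline, is a cheap way to notice a new client quietly granted a role on your API.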