Respond with JSON-formatted error when in api_only mode

Fixes #1121

NEWS.md

@@ -14,6 +14,7 @@ User-visible changes worth mentioning.
   hitting the `AuthorizedApplicationController#destroy` route.
 - [#1114] Make token info endpoint's attributes consistent with token creation
 - [#1119] Fix token revocation for OAuth apps using "implicit" grant flow
+- [#1122] Fix AuthorizationsController#new error response to be in JSON format
 
 ## 5.0.0.rc1
 

app/controllers/doorkeeper/authorizations_controller.rb

@@ -33,7 +33,7 @@ def render_success
 
     def render_error
       if Doorkeeper.configuration.api_only
-        render json: pre_auth.error_response.body[:error_description],
+        render json: pre_auth.error_response.body,
                status: :bad_request
       else
         render :error

spec/controllers/authorizations_controller_spec.rb

@@ -387,6 +387,33 @@ def translated_error_message(key)
     end
   end
 
+  describe 'GET #new in API mode with errors' do
+    let(:response_json_body) { JSON.parse(response.body) }
+
+    before do
+      default_scopes_exist :public
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      get :new, params: { an_invalid: 'request' }
+    end
+
+    it 'should render bad request' do
+      expect(response).to have_http_status(:bad_request)
+    end
+
+    it 'includes error in body' do
+      expect(response_json_body['error']).to eq('unsupported_response_type')
+    end
+
+    it 'includes error description in body' do
+      expect(response_json_body['error_description']).to eq(translated_error_message(:unsupported_response_type))
+    end
+
+    it 'does not issue any token' do
+      expect(Doorkeeper::AccessGrant.count).to eq 0
+      expect(Doorkeeper::AccessToken.count).to eq 0
+    end
+  end
+
   describe 'GET #new with callbacks' do
     after do
       client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'