Google Calendar returning invalid grant

The credentials are the authorization from Google to Your Application to use the scopes you have set-up, this is okay to have it in a database if you update it every time you add new scopes to your app.

The Access Token is the authorization from the user to your application to get it's Google Data (calendar in this case). It has a limited lifetime so this is not okay to save in a database.

The Refresh Token is the token that allows your application to get more tokens for a client. It has a limited lifetime as well.

For more info see: Using OAuth 2.0 to Access Google APIs

Every time you change your scopes or add more scopes you have to re-generate the credentials. You have 50 refresh tokens per user account per client, see Token expiration. So having the tokens in a database makes no sense since they are going to get deprecated at some point, if you have 51 clients the 1st token will get deprecated.

Check:

  1. How do you have it set-up on your database
  2. If you renew properly the tokens
  3. If you are using the correct tokens for the users

You can delete all the tokens (NOT the CREDENTIALS) and your current users will only have to go through the consent screen and allow it again, they will not lose the connection.