Google OAuth 2.0 inconsistent token type?

Posted 2019-08-02 03:16

Question:

Google says in its own OAuth 2.0 specs in accordance with the OAuth 2.0 draft that the authorization header should be:

Authorization: Bearer {access_token}

And indeed it works with the G+ API.

But with the Google Calendar API you need to change the Bearer to OAuth!

Authorization: OAuth {access_token}

You can try it yourself in the Google OAuth 2.0 Playground.

I have discovered this after I hit my head several times against the keyboard.

I couldn't find anything about OAuth token type anywhere. Is this an example of Google's ignorance of its own guidelines and standards, or am I missing something?

Answer 1:

The "Authorization: OAuth" format is supported for legacy reasons; earlier drafts of OAuth 2 used this schema.

In your code you should use "Authorization: Bearer". If this is not working then let me know exactly what API (exact URL and parameters) you are trying to use.

As an example, the following works with both Bearer and OAuth:

curl --header "Authorization: Bearer XXX" "https://www.googleapis.com/calendar/v3/users/me/calendarList"
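An added example, not part of the original question or answer and not Google's code: a sketch of how a resource server could accept both the standard Bearer scheme and the legacy OAuth scheme described above, while flagging legacy use and rejecting OAuth 1.0 style parameter lists that share the "OAuth" scheme name. The function and class names are hypothetical; the token syntax check follows the b64token grammar of RFC 6750, and the sample header values are constructed.

```python
import re

# RFC 6750 section 2.1: b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Schemes this hypothetical server accepts, mapped to "is legacy".
# "oauth" is the scheme from earlier OAuth 2 drafts mentioned in the answer.
ACCEPTED_SCHEMES = {"bearer": False, "oauth": True}


class AuthHeaderError(ValueError):
    """Raised for a missing, unsupported or malformed Authorization header."""


def parse_authorization(header):
    """Return (access_token, is_legacy_scheme) or raise AuthHeaderError.

    Error messages never echo the header value, so a rejected credential
    does not end up in logs.
    """
    if header is None:
        raise AuthHeaderError("missing Authorization header")
    parts = header.strip().split(None, 1)
    if len(parts) != 2:
        raise AuthHeaderError("expected '<scheme> <token>'")
    # HTTP auth scheme names are case-insensitive.
    scheme, token = parts[0].lower(), parts[1].strip()
    if scheme not in ACCEPTED_SCHEMES:
        raise AuthHeaderError("unsupported authorization scheme")
    # An OAuth 1.0 header (oauth_consumer_key="...", ...) contains quotes,
    # commas and spaces, so it fails this check instead of being treated
    # as an OAuth 2 access token.
    if not B64TOKEN.fullmatch(token):
        raise AuthHeaderError("malformed access token")
    return token, ACCEPTED_SCHEMES[scheme]


if __name__ == "__main__":
    # Constructed sample headers; the tokens are placeholders.
    for sample in ("Bearer XXX", "OAuth XXX", 'OAuth oauth_consumer_key="k", oauth_nonce="n"'):
        try:
            token, legacy = parse_authorization(sample)
            print("accepted, legacy scheme:", legacy)
        except AuthHeaderError as exc:
            print("rejected:", exc)
```

The legacy flag lets the server count or log clients still sending "Authorization: OAuth" before that scheme is retired.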